Attacks based on malicious perturbations on image processing systems and defense methods against them

Systems implementing artificial intelligence technologies have become widespread due to their effectiveness in solving various applied tasks including computer vision. Image processing through neural networks is also used in security-critical systems. At the same time, the use of artificial intelligen...

Description

Bibliographic Details
Published in: Научно-технический вестник информационных технологий, механики и оптики
Main Authors: D. A. Esipov, A. Y. Buchaev, A. Kerimbay, Y. V. Puzikova, S. K. Saidumarov, N. S. Sulimenko, I. Yu. Popov, N. S. Karmanovskiy
Format: Article
Language: English
Published: ITMO University 2024-12-01
Subjects:
Online Access: https://ntv.elpub.ru/jour/article/view/202
Other Bibliographic Details
Summary: Systems implementing artificial intelligence technologies have become widespread due to their effectiveness in solving various applied tasks including computer vision. Image processing through neural networks is also used in security-critical systems. At the same time, the use of artificial intelligence is associated with characteristic threats including disruption of machine learning models. The phenomenon of triggering an incorrect neural network response by introducing perturbations that are visually imperceptible to a person was first described and attracted the attention of researchers in 2013. Methods of attacks on neural networks based on malicious perturbations have been continuously improved, and ways of disrupting the operation of neural networks in processing various types of data and tasks of the target model have been proposed. The threat of disrupting the functioning of neural networks through these attacks has become a significant problem for systems implementing artificial intelligence technologies. Thus, research in the field of countering attacks based on malicious perturbations is very relevant. This article describes current attacks, provides an overview and comparative analysis of such attacks on image processing systems based on artificial intelligence. Approaches to the classification of attacks based on malicious perturbations are formulated. Defense methods against such attacks are considered, their shortcomings are revealed. The limitations of the applied defense methods that reduce the effectiveness of counteraction to attacks are shown. Approaches and practical measures to detect and eliminate harmful disturbances are proposed.
ISSN:2226-1494
2500-0373