2021 IEEE International Conference on Image Processing
19-22 September 2021 • Anchorage, Alaska, USA
Imaging Without Borders
| Paper ID | IFS-2.12 | ||
| Paper Title | ON THE REVERSIBILITY OF ADVERSARIAL ATTACKS | ||
| Authors | Chau Yi Li, Ricardo Sánchez-Matilla, Ali Shahin Shamsabadi, Riccardo Mazzon, Andrea Cavallaro, Queen Mary University of London, United Kingdom | ||
| Session | IFS-2: Information Forensics and Security | ||
| Location | Area K | ||
| Session Time: | Monday, 20 September, 15:30 - 17:00 | ||
| Presentation Time: | Monday, 20 September, 15:30 - 17:00 | ||
| Presentation | Poster | ||
| Topic | Information Forensics and Security: Multimedia forensics | ||
| IEEE Xplore Open Preview | Click here to view in IEEE Xplore | ||
| Abstract | Adversarial attacks modify images with perturbations that change the prediction of classifiers. These modified images, known as adversarial examples, expose the vulnerabilities of deep neural network classifiers. In this paper, we investigate the predictability of the mapping between the classes predicted for original images and for their corresponding adversarial examples. This predictability relates to the possibility of retrieving the original predictions and hence reversing the induced misclassification. We refer to this property as the reversibility of an adversarial attack, and quantify reversibility as the accuracy in retrieving the original class or the true class of an adversarial example. We present an approach that reverses the effect of an adversarial attack on a classifier using a prior set of classification results. We analyse the reversibility of state-of-the-art adversarial attacks on benchmark classifiers and discuss the factors that affect the reversibility. | ||