Paper ID | SS-MMSDF-1.8
Paper Title | DETECTING C&W ADVERSARIAL IMAGES BASED ON NOISE ADDITION-THEN-DENOISING
Authors | Kang Deng, Anjie Peng, Wanli Dong, Hui Zeng, Southwest University of Science and Technology, China
Session | SS-MMSDF-1: Special Session: AI for Multimedia Security and Deepfake 1
Location | Area B
Session Time | Monday, 20 September, 15:30 - 17:00
Presentation Time | Monday, 20 September, 15:30 - 17:00
Presentation | Poster
Topic | Special Sessions: Artificial Intelligence for Multimedia Security and Deepfake
Abstract | In this paper, we focus on detecting adversarial images generated by the white-box adversarial attack proposed by Carlini and Wagner (C&W for short). The C&W attack is one of the most powerful attacks, achieving nearly 100% attack success rates in fooling deep neural networks (DNNs) while preserving the visual quality of the adversarial image. Considering that the C&W attack optimizes a loss function based on the logit layer of the DNN to find adversarial perturbations, we first add Gaussian noise to destroy the perturbations. For high-confidence adversarial images, a strong Gaussian noise is employed. To reduce the impact of such strong noise on a legitimate image, an FFDNet filter is used for denoising. The proposed method compares the prediction on a test image with the prediction on its noise-added-then-denoised version, and detects the test image as adversarial when the two predictions differ. Experiments on ImageNet show that the proposed method can effectively detect targeted and untargeted C&W adversarial images generated on well-known models (ResNet-50, Inception v2, and Inception v3), achieving higher F1 scores than the state of the art.