A Framework for Robust Deep Learning Models Against Adversarial Attacks Based on a Protection Layer Approach
Deep learning (DL) has demonstrated remarkable achievements in various fields. Nevertheless, DL models encounter significant challenges in detecting and defending against adversarial samples (AEs). These AEs are meticulously crafted by adversaries, introducing imperceptible perturbations to clean data to deceive DL models. Consequently, AEs pose potential risks to DL applications. In this paper, we propose an effective framework for enhancing the robustness of DL models against adversarial attacks. The framework leverages convolutional neural networks (CNNs) for feature learning, Deep Neural Networks (DNNs) with softmax for classification, and a defense mechanism to identify and exclude AEs. Evasion attacks are employed to create AEs to evade and mislead the classifier by generating malicious samples during the test phase of DL models, i.e., CNN and DNN, using the Fast Gradient Sign Method (FGSM), Basic Iterative Method (BIM), Projected Gradient Descent (PGD), and Square Attack (SA). A protection layer is developed as a detection mechanism placed before the DNN classifier to identify and exclude AEs. The detection mechanism incorporates a machine learning model, which includes one of the following: Fuzzy ARTMAP, Random Forest, K-Nearest Neighbors, XGBoost, or Gradient Boosting Machine. Extensive evaluations are conducted on the MNIST, CIFAR-10, SVHN, and Fashion-MNIST data sets to assess the effectiveness of the proposed framework. The experimental results indicate the framework's ability to effectively and accurately detect AEs generated by four popular attacking methods, highlighting the potential of our developed framework in enhancing its robustness against AEs.
Detailed description

| Field | Value |
|---|---|
| Author | Mohammed Nasser Al-Andoli [author]; Shing Chiang Tan [author]; Kok Swee Sim [author]; Pey Yun Goh [author]; Chee Peng Lim [author] |
| Format | E-article |
| Language | English |
| Published | 2024 |
| Subject headings | Deep learning; adversarial examples; security; adversarial attacks; adversarial examples detection; Electrical engineering. Electronics. Nuclear engineering |
| Parent work | In: IEEE Access - IEEE, 2014, 12(2024), pp. 17522-17540 |
| Parent work | volume:12 ; year:2024 ; pages:17522-17540 |
| Links | https://doi.org/10.1109/ACCESS.2024.3354699 (free access); https://doaj.org/article/b5e4057a3373471aa42f4cdc86757586 (free access); https://ieeexplore.ieee.org/document/10400453/ (free access); https://doaj.org/toc/2169-3536 (journal TOC, free access) |
| DOI / URN | 10.1109/ACCESS.2024.3354699 |
| Catalog ID | DOAJ094858667 |
| Tag | Ind1 | Ind2 | Content |
|---|---|---|---|
| LEADER | | | 01000naa a22002652 4500 |
| 001 | | | DOAJ094858667 |
| 003 | | | DE-627 |
| 005 | | | 20240413081505.0 |
| 007 | | | cr uuu---uuuuu |
| 008 | | | 240413s2024 xx \|\|\|\|\|o 00\| \|\|eng c |
| 024 | 7 | | $a 10.1109/ACCESS.2024.3354699 $2 doi |
| 035 | | | $a (DE-627)DOAJ094858667 |
| 035 | | | $a (DE-599)DOAJb5e4057a3373471aa42f4cdc86757586 |
| 040 | | | $a DE-627 $b ger $c DE-627 $e rakwb |
| 041 | | | $a eng |
| 050 | | 0 | $a TK1-9971 |
| 100 | 0 | | $a Mohammed Nasser Al-Andoli $e verfasserin $4 aut |
| 245 | 1 | 2 | $a A Framework for Robust Deep Learning Models Against Adversarial Attacks Based on a Protection Layer Approach |
| 264 | | 1 | $c 2024 |
| 336 | | | $a Text $b txt $2 rdacontent |
| 337 | | | $a Computermedien $b c $2 rdamedia |
| 338 | | | $a Online-Ressource $b cr $2 rdacarrier |
| 520 | | | $a Deep learning (DL) has demonstrated remarkable achievements in various fields. Nevertheless, DL models encounter significant challenges in detecting and defending against adversarial samples (AEs). These AEs are meticulously crafted by adversaries, introducing imperceptible perturbations to clean data to deceive DL models. Consequently, AEs pose potential risks to DL applications. In this paper, we propose an effective framework for enhancing the robustness of DL models against adversarial attacks. The framework leverages convolutional neural networks (CNNs) for feature learning, Deep Neural Networks (DNNs) with softmax for classification, and a defense mechanism to identify and exclude AEs. Evasion attacks are employed to create AEs to evade and mislead the classifier by generating malicious samples during the test phase of DL models, i.e., CNN and DNN, using the Fast Gradient Sign Method (FGSM), Basic Iterative Method (BIM), Projected Gradient Descent (PGD), and Square Attack (SA). A protection layer is developed as a detection mechanism placed before the DNN classifier to identify and exclude AEs. The detection mechanism incorporates a machine learning model, which includes one of the following: Fuzzy ARTMAP, Random Forest, K-Nearest Neighbors, XGBoost, or Gradient Boosting Machine. Extensive evaluations are conducted on the MNIST, CIFAR-10, SVHN, and Fashion-MNIST data sets to assess the effectiveness of the proposed framework. The experimental results indicate the framework's ability to effectively and accurately detect AEs generated by four popular attacking methods, highlighting the potential of our developed framework in enhancing its robustness against AEs. |
| 650 | | 4 | $a Deep learning |
| 650 | | 4 | $a adversarial examples |
| 650 | | 4 | $a security |
| 650 | | 4 | $a adversarial attacks |
| 650 | | 4 | $a adversarial examples detection |
| 653 | | 0 | $a Electrical engineering. Electronics. Nuclear engineering |
| 700 | 0 | | $a Shing Chiang Tan $e verfasserin $4 aut |
| 700 | 0 | | $a Kok Swee Sim $e verfasserin $4 aut |
| 700 | 0 | | $a Pey Yun Goh $e verfasserin $4 aut |
| 700 | 0 | | $a Chee Peng Lim $e verfasserin $4 aut |
| 773 | 0 | 8 | $i In $t IEEE Access $d IEEE, 2014 $g 12(2024), Seite 17522-17540 $w (DE-627)728440385 $w (DE-600)2687964-5 $x 21693536 $7 nnns |
| 773 | 1 | 8 | $g volume:12 $g year:2024 $g pages:17522-17540 |
| 856 | 4 | 0 | $u https://doi.org/10.1109/ACCESS.2024.3354699 $z kostenfrei |
| 856 | 4 | 0 | $u https://doaj.org/article/b5e4057a3373471aa42f4cdc86757586 $z kostenfrei |
| 856 | 4 | 0 | $u https://ieeexplore.ieee.org/document/10400453/ $z kostenfrei |
| 856 | 4 | 2 | $u https://doaj.org/toc/2169-3536 $y Journal toc $z kostenfrei |
| 951 | | | $a AR |
| 952 | | | $d 12 $j 2024 $h 17522-17540 |
author_variant |
m n a a mnaa s c t sct k s s kss p y g pyg c p l cpl |
---|---|
matchkey_str |
article:21693536:2024----::faeokorbsdelannmdlaantdesraatcsaeo |
hierarchy_sort_str |
2024 |
callnumber-subject-code |
TK |
publishDate |
2024 |
allfields |
10.1109/ACCESS.2024.3354699 doi (DE-627)DOAJ094858667 (DE-599)DOAJb5e4057a3373471aa42f4cdc86757586 DE-627 ger DE-627 rakwb eng TK1-9971 Mohammed Nasser Al-Andoli verfasserin aut A Framework for Robust Deep Learning Models Against Adversarial Attacks Based on a Protection Layer Approach 2024 Text txt rdacontent Computermedien c rdamedia Online-Ressource cr rdacarrier Deep learning (DL) has demonstrated remarkable achievements in various fields. Nevertheless, DL models encounter significant challenges in detecting and defending against adversarial samples (AEs). These AEs are meticulously crafted by adversaries, introducing imperceptible perturbations to clean data to deceive DL models. Consequently, AEs pose potential risks to DL applications. In this paper, we propose an effective framework for enhancing the robustness of DL models against adversarial attacks. The framework leverages convolutional neural networks (CNNs) for feature learning, Deep Neural Networks (DNNs) with softmax for classification, and a defense mechanism to identify and exclude AEs. Evasion attacks are employed to create AEs to evade and mislead the classifier by generating malicious samples during the test phase of DL models i.e., CNN and DNN, using the Fast Gradient Sign Method (FGSM), Basic Iterative Method (BIM), Projected Gradient Descent (PGD), and Square Attack (SA). A protection layer is developed as a detection mechanism placed before the DNN classifier to identify and exclude AEs. The detection mechanism incorporates a machine learning model, which includes one of the following: Fuzzy ARTMAP, Random Forest, K-Nearest Neighbors, XGBoost, or Gradient Boosting Machine. Extensive evaluations are conducted on the MNIST, CIFAR-10, SVHN, and Fashion-MNIST data sets to assess the effectiveness of the proposed framework. 
The experimental results indicate the framework’s ability to effectively and accurately detect AEs generated by four popular attacking methods, highlighting the potential of our developed framework in enhancing its robustness against AEs. Deep learning adversarial examples security adversarial attacks adversarial examples detection Electrical engineering. Electronics. Nuclear engineering Shing Chiang Tan verfasserin aut Kok Swee Sim verfasserin aut Pey Yun Goh verfasserin aut Chee Peng Lim verfasserin aut In IEEE Access IEEE, 2014 12(2024), Seite 17522-17540 (DE-627)728440385 (DE-600)2687964-5 21693536 nnns volume:12 year:2024 pages:17522-17540 https://doi.org/10.1109/ACCESS.2024.3354699 kostenfrei https://doaj.org/article/b5e4057a3373471aa42f4cdc86757586 kostenfrei https://ieeexplore.ieee.org/document/10400453/ kostenfrei https://doaj.org/toc/2169-3536 Journal toc kostenfrei GBV_USEFLAG_A SYSFLAG_A GBV_DOAJ GBV_ILN_11 GBV_ILN_20 GBV_ILN_22 GBV_ILN_23 GBV_ILN_24 GBV_ILN_31 GBV_ILN_39 GBV_ILN_40 GBV_ILN_60 GBV_ILN_62 GBV_ILN_63 GBV_ILN_65 GBV_ILN_69 GBV_ILN_70 GBV_ILN_73 GBV_ILN_95 GBV_ILN_105 GBV_ILN_110 GBV_ILN_151 GBV_ILN_161 GBV_ILN_170 GBV_ILN_213 GBV_ILN_230 GBV_ILN_285 GBV_ILN_293 GBV_ILN_370 GBV_ILN_602 GBV_ILN_2014 GBV_ILN_4012 GBV_ILN_4037 GBV_ILN_4112 GBV_ILN_4125 GBV_ILN_4126 GBV_ILN_4249 GBV_ILN_4305 GBV_ILN_4306 GBV_ILN_4307 GBV_ILN_4313 GBV_ILN_4322 GBV_ILN_4323 GBV_ILN_4324 GBV_ILN_4325 GBV_ILN_4335 GBV_ILN_4338 GBV_ILN_4367 GBV_ILN_4700 AR 12 2024 17522-17540 |
spelling |
10.1109/ACCESS.2024.3354699 doi (DE-627)DOAJ094858667 (DE-599)DOAJb5e4057a3373471aa42f4cdc86757586 DE-627 ger DE-627 rakwb eng TK1-9971 Mohammed Nasser Al-Andoli verfasserin aut A Framework for Robust Deep Learning Models Against Adversarial Attacks Based on a Protection Layer Approach 2024 Text txt rdacontent Computermedien c rdamedia Online-Ressource cr rdacarrier Deep learning (DL) has demonstrated remarkable achievements in various fields. Nevertheless, DL models encounter significant challenges in detecting and defending against adversarial samples (AEs). These AEs are meticulously crafted by adversaries, introducing imperceptible perturbations to clean data to deceive DL models. Consequently, AEs pose potential risks to DL applications. In this paper, we propose an effective framework for enhancing the robustness of DL models against adversarial attacks. The framework leverages convolutional neural networks (CNNs) for feature learning, Deep Neural Networks (DNNs) with softmax for classification, and a defense mechanism to identify and exclude AEs. Evasion attacks are employed to create AEs to evade and mislead the classifier by generating malicious samples during the test phase of DL models i.e., CNN and DNN, using the Fast Gradient Sign Method (FGSM), Basic Iterative Method (BIM), Projected Gradient Descent (PGD), and Square Attack (SA). A protection layer is developed as a detection mechanism placed before the DNN classifier to identify and exclude AEs. The detection mechanism incorporates a machine learning model, which includes one of the following: Fuzzy ARTMAP, Random Forest, K-Nearest Neighbors, XGBoost, or Gradient Boosting Machine. Extensive evaluations are conducted on the MNIST, CIFAR-10, SVHN, and Fashion-MNIST data sets to assess the effectiveness of the proposed framework. 
The experimental results indicate the framework’s ability to effectively and accurately detect AEs generated by four popular attacking methods, highlighting the potential of our developed framework in enhancing its robustness against AEs. Deep learning adversarial examples security adversarial attacks adversarial examples detection Electrical engineering. Electronics. Nuclear engineering Shing Chiang Tan verfasserin aut Kok Swee Sim verfasserin aut Pey Yun Goh verfasserin aut Chee Peng Lim verfasserin aut In IEEE Access IEEE, 2014 12(2024), Seite 17522-17540 (DE-627)728440385 (DE-600)2687964-5 21693536 nnns volume:12 year:2024 pages:17522-17540 https://doi.org/10.1109/ACCESS.2024.3354699 kostenfrei https://doaj.org/article/b5e4057a3373471aa42f4cdc86757586 kostenfrei https://ieeexplore.ieee.org/document/10400453/ kostenfrei https://doaj.org/toc/2169-3536 Journal toc kostenfrei GBV_USEFLAG_A SYSFLAG_A GBV_DOAJ GBV_ILN_11 GBV_ILN_20 GBV_ILN_22 GBV_ILN_23 GBV_ILN_24 GBV_ILN_31 GBV_ILN_39 GBV_ILN_40 GBV_ILN_60 GBV_ILN_62 GBV_ILN_63 GBV_ILN_65 GBV_ILN_69 GBV_ILN_70 GBV_ILN_73 GBV_ILN_95 GBV_ILN_105 GBV_ILN_110 GBV_ILN_151 GBV_ILN_161 GBV_ILN_170 GBV_ILN_213 GBV_ILN_230 GBV_ILN_285 GBV_ILN_293 GBV_ILN_370 GBV_ILN_602 GBV_ILN_2014 GBV_ILN_4012 GBV_ILN_4037 GBV_ILN_4112 GBV_ILN_4125 GBV_ILN_4126 GBV_ILN_4249 GBV_ILN_4305 GBV_ILN_4306 GBV_ILN_4307 GBV_ILN_4313 GBV_ILN_4322 GBV_ILN_4323 GBV_ILN_4324 GBV_ILN_4325 GBV_ILN_4335 GBV_ILN_4338 GBV_ILN_4367 GBV_ILN_4700 AR 12 2024 17522-17540 |
allfields_unstemmed |
10.1109/ACCESS.2024.3354699 doi (DE-627)DOAJ094858667 (DE-599)DOAJb5e4057a3373471aa42f4cdc86757586 DE-627 ger DE-627 rakwb eng TK1-9971 Mohammed Nasser Al-Andoli verfasserin aut A Framework for Robust Deep Learning Models Against Adversarial Attacks Based on a Protection Layer Approach 2024 Text txt rdacontent Computermedien c rdamedia Online-Ressource cr rdacarrier Deep learning (DL) has demonstrated remarkable achievements in various fields. Nevertheless, DL models encounter significant challenges in detecting and defending against adversarial samples (AEs). These AEs are meticulously crafted by adversaries, introducing imperceptible perturbations to clean data to deceive DL models. Consequently, AEs pose potential risks to DL applications. In this paper, we propose an effective framework for enhancing the robustness of DL models against adversarial attacks. The framework leverages convolutional neural networks (CNNs) for feature learning, Deep Neural Networks (DNNs) with softmax for classification, and a defense mechanism to identify and exclude AEs. Evasion attacks are employed to create AEs to evade and mislead the classifier by generating malicious samples during the test phase of DL models i.e., CNN and DNN, using the Fast Gradient Sign Method (FGSM), Basic Iterative Method (BIM), Projected Gradient Descent (PGD), and Square Attack (SA). A protection layer is developed as a detection mechanism placed before the DNN classifier to identify and exclude AEs. The detection mechanism incorporates a machine learning model, which includes one of the following: Fuzzy ARTMAP, Random Forest, K-Nearest Neighbors, XGBoost, or Gradient Boosting Machine. Extensive evaluations are conducted on the MNIST, CIFAR-10, SVHN, and Fashion-MNIST data sets to assess the effectiveness of the proposed framework. 
The experimental results indicate the framework’s ability to effectively and accurately detect AEs generated by four popular attacking methods, highlighting the potential of our developed framework in enhancing its robustness against AEs. Deep learning adversarial examples security adversarial attacks adversarial examples detection Electrical engineering. Electronics. Nuclear engineering Shing Chiang Tan verfasserin aut Kok Swee Sim verfasserin aut Pey Yun Goh verfasserin aut Chee Peng Lim verfasserin aut In IEEE Access IEEE, 2014 12(2024), Seite 17522-17540 (DE-627)728440385 (DE-600)2687964-5 21693536 nnns volume:12 year:2024 pages:17522-17540 https://doi.org/10.1109/ACCESS.2024.3354699 kostenfrei https://doaj.org/article/b5e4057a3373471aa42f4cdc86757586 kostenfrei https://ieeexplore.ieee.org/document/10400453/ kostenfrei https://doaj.org/toc/2169-3536 Journal toc kostenfrei GBV_USEFLAG_A SYSFLAG_A GBV_DOAJ GBV_ILN_11 GBV_ILN_20 GBV_ILN_22 GBV_ILN_23 GBV_ILN_24 GBV_ILN_31 GBV_ILN_39 GBV_ILN_40 GBV_ILN_60 GBV_ILN_62 GBV_ILN_63 GBV_ILN_65 GBV_ILN_69 GBV_ILN_70 GBV_ILN_73 GBV_ILN_95 GBV_ILN_105 GBV_ILN_110 GBV_ILN_151 GBV_ILN_161 GBV_ILN_170 GBV_ILN_213 GBV_ILN_230 GBV_ILN_285 GBV_ILN_293 GBV_ILN_370 GBV_ILN_602 GBV_ILN_2014 GBV_ILN_4012 GBV_ILN_4037 GBV_ILN_4112 GBV_ILN_4125 GBV_ILN_4126 GBV_ILN_4249 GBV_ILN_4305 GBV_ILN_4306 GBV_ILN_4307 GBV_ILN_4313 GBV_ILN_4322 GBV_ILN_4323 GBV_ILN_4324 GBV_ILN_4325 GBV_ILN_4335 GBV_ILN_4338 GBV_ILN_4367 GBV_ILN_4700 AR 12 2024 17522-17540 |
allfieldsGer |
10.1109/ACCESS.2024.3354699 doi (DE-627)DOAJ094858667 (DE-599)DOAJb5e4057a3373471aa42f4cdc86757586 DE-627 ger DE-627 rakwb eng TK1-9971 Mohammed Nasser Al-Andoli verfasserin aut A Framework for Robust Deep Learning Models Against Adversarial Attacks Based on a Protection Layer Approach 2024 Text txt rdacontent Computermedien c rdamedia Online-Ressource cr rdacarrier Deep learning (DL) has demonstrated remarkable achievements in various fields. Nevertheless, DL models encounter significant challenges in detecting and defending against adversarial samples (AEs). These AEs are meticulously crafted by adversaries, introducing imperceptible perturbations to clean data to deceive DL models. Consequently, AEs pose potential risks to DL applications. In this paper, we propose an effective framework for enhancing the robustness of DL models against adversarial attacks. The framework leverages convolutional neural networks (CNNs) for feature learning, Deep Neural Networks (DNNs) with softmax for classification, and a defense mechanism to identify and exclude AEs. Evasion attacks are employed to create AEs to evade and mislead the classifier by generating malicious samples during the test phase of DL models i.e., CNN and DNN, using the Fast Gradient Sign Method (FGSM), Basic Iterative Method (BIM), Projected Gradient Descent (PGD), and Square Attack (SA). A protection layer is developed as a detection mechanism placed before the DNN classifier to identify and exclude AEs. The detection mechanism incorporates a machine learning model, which includes one of the following: Fuzzy ARTMAP, Random Forest, K-Nearest Neighbors, XGBoost, or Gradient Boosting Machine. Extensive evaluations are conducted on the MNIST, CIFAR-10, SVHN, and Fashion-MNIST data sets to assess the effectiveness of the proposed framework. 
The experimental results indicate the framework’s ability to effectively and accurately detect AEs generated by four popular attacking methods, highlighting the potential of our developed framework in enhancing its robustness against AEs. Deep learning adversarial examples security adversarial attacks adversarial examples detection Electrical engineering. Electronics. Nuclear engineering Shing Chiang Tan verfasserin aut Kok Swee Sim verfasserin aut Pey Yun Goh verfasserin aut Chee Peng Lim verfasserin aut In IEEE Access IEEE, 2014 12(2024), Seite 17522-17540 (DE-627)728440385 (DE-600)2687964-5 21693536 nnns volume:12 year:2024 pages:17522-17540 https://doi.org/10.1109/ACCESS.2024.3354699 kostenfrei https://doaj.org/article/b5e4057a3373471aa42f4cdc86757586 kostenfrei https://ieeexplore.ieee.org/document/10400453/ kostenfrei https://doaj.org/toc/2169-3536 Journal toc kostenfrei GBV_USEFLAG_A SYSFLAG_A GBV_DOAJ GBV_ILN_11 GBV_ILN_20 GBV_ILN_22 GBV_ILN_23 GBV_ILN_24 GBV_ILN_31 GBV_ILN_39 GBV_ILN_40 GBV_ILN_60 GBV_ILN_62 GBV_ILN_63 GBV_ILN_65 GBV_ILN_69 GBV_ILN_70 GBV_ILN_73 GBV_ILN_95 GBV_ILN_105 GBV_ILN_110 GBV_ILN_151 GBV_ILN_161 GBV_ILN_170 GBV_ILN_213 GBV_ILN_230 GBV_ILN_285 GBV_ILN_293 GBV_ILN_370 GBV_ILN_602 GBV_ILN_2014 GBV_ILN_4012 GBV_ILN_4037 GBV_ILN_4112 GBV_ILN_4125 GBV_ILN_4126 GBV_ILN_4249 GBV_ILN_4305 GBV_ILN_4306 GBV_ILN_4307 GBV_ILN_4313 GBV_ILN_4322 GBV_ILN_4323 GBV_ILN_4324 GBV_ILN_4325 GBV_ILN_4335 GBV_ILN_4338 GBV_ILN_4367 GBV_ILN_4700 AR 12 2024 17522-17540 |
allfieldsSound |
10.1109/ACCESS.2024.3354699 doi (DE-627)DOAJ094858667 (DE-599)DOAJb5e4057a3373471aa42f4cdc86757586 DE-627 ger DE-627 rakwb eng TK1-9971 Mohammed Nasser Al-Andoli verfasserin aut A Framework for Robust Deep Learning Models Against Adversarial Attacks Based on a Protection Layer Approach 2024 Text txt rdacontent Computermedien c rdamedia Online-Ressource cr rdacarrier Deep learning (DL) has demonstrated remarkable achievements in various fields. Nevertheless, DL models encounter significant challenges in detecting and defending against adversarial samples (AEs). These AEs are meticulously crafted by adversaries, introducing imperceptible perturbations to clean data to deceive DL models. Consequently, AEs pose potential risks to DL applications. In this paper, we propose an effective framework for enhancing the robustness of DL models against adversarial attacks. The framework leverages convolutional neural networks (CNNs) for feature learning, Deep Neural Networks (DNNs) with softmax for classification, and a defense mechanism to identify and exclude AEs. Evasion attacks are employed to create AEs to evade and mislead the classifier by generating malicious samples during the test phase of DL models i.e., CNN and DNN, using the Fast Gradient Sign Method (FGSM), Basic Iterative Method (BIM), Projected Gradient Descent (PGD), and Square Attack (SA). A protection layer is developed as a detection mechanism placed before the DNN classifier to identify and exclude AEs. The detection mechanism incorporates a machine learning model, which includes one of the following: Fuzzy ARTMAP, Random Forest, K-Nearest Neighbors, XGBoost, or Gradient Boosting Machine. Extensive evaluations are conducted on the MNIST, CIFAR-10, SVHN, and Fashion-MNIST data sets to assess the effectiveness of the proposed framework. 
The experimental results indicate the framework’s ability to effectively and accurately detect AEs generated by four popular attacking methods, highlighting the potential of our developed framework in enhancing its robustness against AEs. Deep learning adversarial examples security adversarial attacks adversarial examples detection Electrical engineering. Electronics. Nuclear engineering Shing Chiang Tan verfasserin aut Kok Swee Sim verfasserin aut Pey Yun Goh verfasserin aut Chee Peng Lim verfasserin aut In IEEE Access IEEE, 2014 12(2024), Seite 17522-17540 (DE-627)728440385 (DE-600)2687964-5 21693536 nnns volume:12 year:2024 pages:17522-17540 https://doi.org/10.1109/ACCESS.2024.3354699 kostenfrei https://doaj.org/article/b5e4057a3373471aa42f4cdc86757586 kostenfrei https://ieeexplore.ieee.org/document/10400453/ kostenfrei https://doaj.org/toc/2169-3536 Journal toc kostenfrei GBV_USEFLAG_A SYSFLAG_A GBV_DOAJ GBV_ILN_11 GBV_ILN_20 GBV_ILN_22 GBV_ILN_23 GBV_ILN_24 GBV_ILN_31 GBV_ILN_39 GBV_ILN_40 GBV_ILN_60 GBV_ILN_62 GBV_ILN_63 GBV_ILN_65 GBV_ILN_69 GBV_ILN_70 GBV_ILN_73 GBV_ILN_95 GBV_ILN_105 GBV_ILN_110 GBV_ILN_151 GBV_ILN_161 GBV_ILN_170 GBV_ILN_213 GBV_ILN_230 GBV_ILN_285 GBV_ILN_293 GBV_ILN_370 GBV_ILN_602 GBV_ILN_2014 GBV_ILN_4012 GBV_ILN_4037 GBV_ILN_4112 GBV_ILN_4125 GBV_ILN_4126 GBV_ILN_4249 GBV_ILN_4305 GBV_ILN_4306 GBV_ILN_4307 GBV_ILN_4313 GBV_ILN_4322 GBV_ILN_4323 GBV_ILN_4324 GBV_ILN_4325 GBV_ILN_4335 GBV_ILN_4338 GBV_ILN_4367 GBV_ILN_4700 AR 12 2024 17522-17540 |
language |
English |
source |
In IEEE Access 12(2024), Seite 17522-17540 volume:12 year:2024 pages:17522-17540 |
sourceStr |
In IEEE Access 12(2024), Seite 17522-17540 volume:12 year:2024 pages:17522-17540 |
format_phy_str_mv |
Article |
institution |
findex.gbv.de |
topic_facet |
Deep learning adversarial examples security adversarial attacks adversarial examples detection Electrical engineering. Electronics. Nuclear engineering |
isfreeaccess_bool |
true |
container_title |
IEEE Access |
authorswithroles_txt_mv |
Mohammed Nasser Al-Andoli @@aut@@ Shing Chiang Tan @@aut@@ Kok Swee Sim @@aut@@ Pey Yun Goh @@aut@@ Chee Peng Lim @@aut@@ |
publishDateDaySort_date |
2024-01-01T00:00:00Z |
hierarchy_top_id |
728440385 |
id |
DOAJ094858667 |
language_de |
englisch |
fullrecord |
<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>01000naa a22002652 4500</leader><controlfield tag="001">DOAJ094858667</controlfield><controlfield tag="003">DE-627</controlfield><controlfield tag="005">20240413081505.0</controlfield><controlfield tag="007">cr uuu---uuuuu</controlfield><controlfield tag="008">240413s2024 xx |||||o 00| ||eng c</controlfield><datafield tag="024" ind1="7" ind2=" "><subfield code="a">10.1109/ACCESS.2024.3354699</subfield><subfield code="2">doi</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-627)DOAJ094858667</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)DOAJb5e4057a3373471aa42f4cdc86757586</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-627</subfield><subfield code="b">ger</subfield><subfield code="c">DE-627</subfield><subfield code="e">rakwb</subfield></datafield><datafield tag="041" ind1=" " ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="050" ind1=" " ind2="0"><subfield code="a">TK1-9971</subfield></datafield><datafield tag="100" ind1="0" ind2=" "><subfield code="a">Mohammed Nasser Al-Andoli</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="2"><subfield code="a">A Framework for Robust Deep Learning Models Against Adversarial Attacks Based on a Protection Layer Approach</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="c">2024</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="a">Text</subfield><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="a">Computermedien</subfield><subfield code="b">c</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield 
code="a">Online-Ressource</subfield><subfield code="b">cr</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="520" ind1=" " ind2=" "><subfield code="a">Deep learning (DL) has demonstrated remarkable achievements in various fields. Nevertheless, DL models encounter significant challenges in detecting and defending against adversarial samples (AEs). These AEs are meticulously crafted by adversaries, introducing imperceptible perturbations to clean data to deceive DL models. Consequently, AEs pose potential risks to DL applications. In this paper, we propose an effective framework for enhancing the robustness of DL models against adversarial attacks. The framework leverages convolutional neural networks (CNNs) for feature learning, Deep Neural Networks (DNNs) with softmax for classification, and a defense mechanism to identify and exclude AEs. Evasion attacks are employed to create AEs to evade and mislead the classifier by generating malicious samples during the test phase of DL models i.e., CNN and DNN, using the Fast Gradient Sign Method (FGSM), Basic Iterative Method (BIM), Projected Gradient Descent (PGD), and Square Attack (SA). A protection layer is developed as a detection mechanism placed before the DNN classifier to identify and exclude AEs. The detection mechanism incorporates a machine learning model, which includes one of the following: Fuzzy ARTMAP, Random Forest, K-Nearest Neighbors, XGBoost, or Gradient Boosting Machine. Extensive evaluations are conducted on the MNIST, CIFAR-10, SVHN, and Fashion-MNIST data sets to assess the effectiveness of the proposed framework. 
The experimental results indicate the framework’s ability to effectively and accurately detect AEs generated by four popular attacking methods, highlighting the potential of our developed framework in enhancing its robustness against AEs.</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Deep learning</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">adversarial examples</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">security</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">adversarial attacks</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">adversarial examples detection</subfield></datafield><datafield tag="653" ind1=" " ind2="0"><subfield code="a">Electrical engineering. Electronics. Nuclear engineering</subfield></datafield><datafield tag="700" ind1="0" ind2=" "><subfield code="a">Shing Chiang Tan</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="700" ind1="0" ind2=" "><subfield code="a">Kok Swee Sim</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="700" ind1="0" ind2=" "><subfield code="a">Pey Yun Goh</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="700" ind1="0" ind2=" "><subfield code="a">Chee Peng Lim</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="773" ind1="0" ind2="8"><subfield code="i">In</subfield><subfield code="t">IEEE Access</subfield><subfield code="d">IEEE, 2014</subfield><subfield code="g">12(2024), Seite 17522-17540</subfield><subfield code="w">(DE-627)728440385</subfield><subfield code="w">(DE-600)2687964-5</subfield><subfield code="x">21693536</subfield><subfield code="7">nnns</subfield></datafield><datafield tag="773" ind1="1" 
ind2="8"><subfield code="g">volume:12</subfield><subfield code="g">year:2024</subfield><subfield code="g">pages:17522-17540</subfield></datafield><datafield tag="856" ind1="4" ind2="0"><subfield code="u">https://doi.org/10.1109/ACCESS.2024.3354699</subfield><subfield code="z">kostenfrei</subfield></datafield><datafield tag="856" ind1="4" ind2="0"><subfield code="u">https://doaj.org/article/b5e4057a3373471aa42f4cdc86757586</subfield><subfield code="z">kostenfrei</subfield></datafield><datafield tag="856" ind1="4" ind2="0"><subfield code="u">https://ieeexplore.ieee.org/document/10400453/</subfield><subfield code="z">kostenfrei</subfield></datafield><datafield tag="856" ind1="4" ind2="2"><subfield code="u">https://doaj.org/toc/2169-3536</subfield><subfield code="y">Journal toc</subfield><subfield code="z">kostenfrei</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_USEFLAG_A</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">SYSFLAG_A</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_DOAJ</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_11</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_20</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_22</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_23</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_24</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_31</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_39</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_40</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_60</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield 
code="a">GBV_ILN_62</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_63</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_65</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_69</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_70</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_73</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_95</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_105</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_110</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_151</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_161</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_170</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_213</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_230</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_285</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_293</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_370</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_602</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2014</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4012</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4037</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4112</subfield></datafield><datafield tag="912" ind1=" 
" ind2=" "><subfield code="a">GBV_ILN_4125</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4126</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4249</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4305</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4306</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4307</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4313</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4322</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4323</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4324</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4325</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4335</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4338</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4367</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4700</subfield></datafield><datafield tag="951" ind1=" " ind2=" "><subfield code="a">AR</subfield></datafield><datafield tag="952" ind1=" " ind2=" "><subfield code="d">12</subfield><subfield code="j">2024</subfield><subfield code="h">17522-17540</subfield></datafield></record></collection>
callnumber-first |
T - Technology |
author |
Mohammed Nasser Al-Andoli |
ppnlink_with_tag_str_mv |
@@773@@(DE-627)728440385 |
format |
electronic Article |
delete_txt_mv |
keep |
author_role |
aut aut aut aut aut |
collection |
DOAJ |
remote_str |
true |
callnumber-label |
TK1-9971 |
illustrated |
Not Illustrated |
issn |
21693536 |
topic |
misc TK1-9971 misc Deep learning misc adversarial examples misc security misc adversarial attacks misc adversarial examples detection misc Electrical engineering. Electronics. Nuclear engineering |
format_facet |
Elektronische Aufsätze Aufsätze Elektronische Ressource |
format_main_str_mv |
Text Zeitschrift/Artikel |
carriertype_str_mv |
cr |
hierarchy_parent_title |
IEEE Access |
hierarchy_parent_id |
728440385 |
isfreeaccess_txt |
true |
familylinks_str_mv |
(DE-627)728440385 (DE-600)2687964-5 |
title |
A Framework for Robust Deep Learning Models Against Adversarial Attacks Based on a Protection Layer Approach |
ctrlnum |
(DE-627)DOAJ094858667 (DE-599)DOAJb5e4057a3373471aa42f4cdc86757586 |
journal |
IEEE Access |
callnumber-first-code |
T |
lang_code |
eng |
isOA_bool |
true |
recordtype |
marc |
publishDateSort |
2024 |
contenttype_str_mv |
txt |
container_start_page |
17522 |
author_browse |
Mohammed Nasser Al-Andoli Shing Chiang Tan Kok Swee Sim Pey Yun Goh Chee Peng Lim |
container_volume |
12 |
format_se |
Elektronische Aufsätze |
doi_str_mv |
10.1109/ACCESS.2024.3354699 |
author2-role |
verfasserin |
abstract |
Deep learning (DL) has demonstrated remarkable achievements in various fields. Nevertheless, DL models encounter significant challenges in detecting and defending against adversarial samples (AEs). These AEs are meticulously crafted by adversaries, introducing imperceptible perturbations to clean data to deceive DL models. Consequently, AEs pose potential risks to DL applications. In this paper, we propose an effective framework for enhancing the robustness of DL models against adversarial attacks. The framework leverages convolutional neural networks (CNNs) for feature learning, Deep Neural Networks (DNNs) with softmax for classification, and a defense mechanism to identify and exclude AEs. Evasion attacks are employed to create AEs to evade and mislead the classifier by generating malicious samples during the test phase of DL models i.e., CNN and DNN, using the Fast Gradient Sign Method (FGSM), Basic Iterative Method (BIM), Projected Gradient Descent (PGD), and Square Attack (SA). A protection layer is developed as a detection mechanism placed before the DNN classifier to identify and exclude AEs. The detection mechanism incorporates a machine learning model, which includes one of the following: Fuzzy ARTMAP, Random Forest, K-Nearest Neighbors, XGBoost, or Gradient Boosting Machine. Extensive evaluations are conducted on the MNIST, CIFAR-10, SVHN, and Fashion-MNIST data sets to assess the effectiveness of the proposed framework. The experimental results indicate the framework’s ability to effectively and accurately detect AEs generated by four popular attacking methods, highlighting the potential of our developed framework in enhancing its robustness against AEs. |
url |
https://doi.org/10.1109/ACCESS.2024.3354699 https://doaj.org/article/b5e4057a3373471aa42f4cdc86757586 https://ieeexplore.ieee.org/document/10400453/ https://doaj.org/toc/2169-3536 |
author2 |
Shing Chiang Tan Kok Swee Sim Pey Yun Goh Chee Peng Lim |
ppnlink |
728440385 |
callnumber-subject |
TK - Electrical and Nuclear Engineering |
mediatype_str_mv |
c |
hochschulschrift_bool |
false |