Zheng Zhang

EECS Department, University of California, Berkeley

Technical Report No. UCB/EECS-2023-72

May 8, 2023

http://www2.eecs.berkeley.edu/Pubs/TechRpts/2023/EECS-2023-72.pdf

Deep Neural Networks (DNNs) have demonstrated high performance in various tasks using image datasets. Despite the rapid expansion of innovation and research in DNNs, they are also vulnerable to image-based adversarial attacks, which can compromise the reliability of DNNs and impose challenges on the applications of artificial intelligence (AI) in safety-critical tasks. In this report, we propose a new defense method that takes advantage of the domain loss function of Domain Adaptation Algorithms, and we have named the method Domain Adaptation Defense (DAD). DAD can generate distributional-based defense without prior knowledge of attack functions, making it more applicable in real-life applications. Our results also indicate that DAD can perform similarly to many current defense methods. Through our study of distributional discrepancies, we verify that the domain loss function is an essential defense mechanism that captures the domain differences between clean and adversarial images. From the comparison results, we identify that existing Domain Adaptation Algorithms with domain-classifier-based loss functions, such as Proxy A-Distance, are more effective than the others. Furthermore, we have designed a new experimental procedure for studying the joint research area between distributional shifts of adversarial attacks and Domain Adaptation Algorithms. The promising results and well-formatted procedure will inspire improvements and inventions of new domain loss functions and Domain Adaptation Algorithms focusing on defending against adversarial attacks.

Advisors: Alberto L. Sangiovanni-Vincentelli


BibTeX citation:

@mastersthesis{Zhang:EECS-2023-72,
    Author= {Zhang, Zheng},
    Title= {Preliminary Studies on Defending Image Adversarial Attacks with Domain Adaptation Algorithms},
    School= {EECS Department, University of California, Berkeley},
    Year= {2023},
    Month= {May},
    Url= {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2023/EECS-2023-72.html},
    Number= {UCB/EECS-2023-72},
    Abstract= {Deep Neural Networks (DNNs) have demonstrated high performance in various tasks using image datasets. Despite the rapid expansion of innovation and research in DNNs, they are also vulnerable to image-based adversarial attacks, which can compromise the reliability of DNNs and impose challenges on the applications of artificial intelligence (AI) in safety-critical tasks. In this report, we propose a new defense method that takes advantage of the domain loss function of Domain Adaptation Algorithms, and we have named the method Domain Adaptation Defense (DAD). DAD can generate distributional-based defense without prior knowledge of attack functions, making it more applicable in real-life applications. Our results also indicate that DAD can perform similarly to many current defense methods. Through our study of distributional discrepancies, we verify that the domain loss function is an essential defense mechanism that captures the domain differences between clean and adversarial images. From the comparison results, we identify that existing Domain Adaptation Algorithms with domain-classifier-based loss functions, such as Proxy A-Distance, are more effective than the others. Furthermore, we have designed a new experimental procedure for studying the joint research area between distributional shifts of adversarial attacks and Domain Adaptation Algorithms. The promising results and well-formatted procedure will inspire improvements and inventions of new domain loss functions and Domain Adaptation Algorithms focusing on defending against adversarial attacks.},
}

EndNote citation:

%0 Thesis
%A Zhang, Zheng
%T Preliminary Studies on Defending Image Adversarial Attacks with Domain Adaptation Algorithms
%I EECS Department, University of California, Berkeley
%D 2023
%8 May 8
%@ UCB/EECS-2023-72
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2023/EECS-2023-72.html
%F Zhang:EECS-2023-72