PDAAA: Progressive Defense Against Adversarial Attacks for Deep Learning-as-a-Service in Internet of Things
Abstract: Nowadays, Deep Learning-as-a-Service can be deployed in the Internet of Things (IoT) to provide smart services and sensor data processing. However, recent research has revealed that some Deep Neural Networks (DNNs) can be easily misled by adding relatively small but adversarial perturbations to the input (e.g., pixel mutation in input images). One challenge in defending DNNs against these attacks is to efficiently identify and filter out the adversarial pixels. The state-of-the-art defense strategies with good robustness often require additional model training for specific attacks. To reduce the computational cost without loss of generality, we present a defense strategy called progressive defense against adversarial attacks (PDAAA) for efficiently and effectively filtering out the adversarial pixel mutations, which could mislead the neural network towards erroneous outputs, without a priori knowledge about the attack type. We evaluated our progressive defense strategy against various attack methods on two well-known datasets. Experimental results show that it outperforms the state-of-the-art methods (Adversarial-PGD, Adversarial-Network, and Adversarial-Dual-Network) with dramatically reduced computation cost.