Modeling and Energy Analysis of Adversarial Perturbations in Deep Image Classification Security
Published in Canadian Workshop on Information Theory (CWIT), 2022
Recommended citation: L. Ye, E.-H. Yang and A. H. Salamah, "Modeling and Energy Analysis of Adversarial Perturbations in Deep Image Classification Security," 2022 17th Canadian Workshop on Information Theory (CWIT), 2022, pp. 62-67, doi: 10.1109/CWIT55308.2022.9817678. https://ieeexplore.ieee.org/abstract/document/9817678
Despite the great success of deep neural networks (DNNs) in computer vision, they are vulnerable to adversarial attacks. Given a well-trained DNN and an image x, a malicious and imperceptible perturbation ε can be easily crafted and added to x to generate an adversarial example x′. The output of the DNN in response to x′ will differ from its output in response to x. To shed light on how to defend DNNs against such adversarial attacks, in this paper we apply statistical methods to model and analyze adversarial perturbations ε crafted by FGSM, PGD, and CW attacks. It is shown statistically that (1) the adversarial perturbations ε crafted by FGSM, PGD, and CW attacks can all be modelled in the Discrete Cosine Transform (DCT) domain by the Transparent Composite Model (TCM) based on the generalized Gaussian distribution (GGTCM); (2) the CW attack puts more perturbation energy in the background of an image than in the object of the image, whereas there is no such distinction for FGSM and PGD attacks; and (3) the energy of the adversarial perturbation in the case of the CW attack is more concentrated on DC components than in the case of FGSM and PGD attacks.
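To make the setup concrete, below is a minimal sketch (not the authors' code) of how one might craft an FGSM perturbation for a pretrained classifier and inspect how its energy distributes over DCT coefficients; the choice of model, the value of ε, and the use of scipy's dctn are illustrative assumptions.

```python
import torch
import torch.nn.functional as F
from torchvision import models
from scipy.fft import dctn

# Any pretrained classifier works here; ResNet-18 is just an example.
model = models.resnet18(weights=models.ResNet18_Weights.DEFAULT).eval()

def fgsm_perturbation(x, label, eps=8 / 255):
    """Return the FGSM perturbation eps * sign(grad_x loss) for image x."""
    x = x.clone().requires_grad_(True)
    loss = F.cross_entropy(model(x), label)
    loss.backward()
    return eps * x.grad.sign()

# A random tensor stands in for a real image; the label 0 is arbitrary.
x = torch.rand(1, 3, 224, 224)
label = torch.tensor([0])
pert = fgsm_perturbation(x, label)

# 2-D DCT of each channel of the perturbation; the DC coefficient is at [0, 0].
coeffs = dctn(pert.squeeze(0).detach().numpy(), axes=(1, 2), norm="ortho")
total_energy = (coeffs ** 2).sum()
dc_energy = (coeffs[:, 0, 0] ** 2).sum()
print(f"fraction of perturbation energy in DC components: {dc_energy / total_energy:.4f}")
```

The same per-coefficient energy statistics, gathered over many images and attacks, are the kind of quantities the paper models with the generalized-Gaussian TCM and compares across FGSM, PGD, and CW.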