Adversarial Attack Detection with Convolutional Neural Networks on Images for Selection of the Most Suitable Model in Object Detection

Yıl 2023, Cilt: 13 Sayı: 4, 2353 - 2363, 01.12.2023

Murat Taşyürek , Ertuğrul Gül

https://doi.org/10.21597/jist.1281262

Öz

Object detection on images with high accuracy is an essential issue for many application areas, especially real-time applications. Convolutional neural networks, on the other hand, are deep learning-based methods that have been used in object detection applications in recent years and have achieved high accuracy. However, although classical convolutional neural networks can detect objects on original images with high accuracy, their performance may be insufficient on images where adversarial attacks such as FGSM, PGD, and APGD are applied. To overcome this problem, different models and pre-processes are developed for object detection on attacked images. However, the performance of the models may vary for attacked and non-attacked cases. Therefore, it is necessary to determine whether the attack occurred and select the most successful model according to the case. To solve the problem mentioned above, detect whether there is an adversarial attack on the images using convolutional neural networks has been performed in this study. Within the scope of the study, YOLO v5 and Faster R-CNN models were trained for the adversarial attack detection task with and without transfer learning. Experimental results show that the Faster R-CNN model with transfer learning achieved the most successful result among the four models with an f1 score of 0.971.

Anahtar Kelimeler

Object detection, Adversarial attack, Faster R-CNN, YOLO v5, CNN

Nesne Tespitinde En Uygun Modelin Seçimi İçin Görüntüler Üzerinde Evrişimli Sinir Ağları ile Çekişmeli Saldırı Tespiti

Öz

Görüntülerdeki nesnelerin yüksek doğrulukta tespit edilmesi gerçek zamanlı uygulamalar başta olmak üzere birçok uygulama alanı için önemli bir konudur. Evrişimli sinir ağları ise son yıllarda nesne tespiti uygulamalarında kullanılan ve yüksek doğrulukta başarılar elde edilebilen derin öğrenme tabanlı yöntemlerdir. Klasik Evrişimli sinir ağları orijinal görüntülerdeki nesneleri yüksek doğruluk tespit edebilmesine rağmen ağların FGSM, PGD ve APGD gibi çekişmeli saldırıların uygulandığı görüntülerde başarımları yetersiz kalabilmektedir. Bu problemin üstesinden gelmek için saldırılı görüntülerde nesne tespiti için farklı modeller ve ön işlemler geliştirilmektedir. Ancak saldırılı ve saldırısız durumlar için modellerin başarımları değişebilmektedir. Bu yüzden saldırının olup olmadığının tespit edilmesi ve duruma göre en başarılı modelin seçilmesi gerekmektedir. Bahsedilen problemi çözmek için bu çalışmada görüntülerde çekişmeli saldırı olup olmadığının evrişimli sinir ağları kullanarak tespit edilmesi gerçekleştirilmektedir. Çalışma kapsamında YOLO v5 ve Faster R-CNN modelleri transfer öğrenmeli ve transfer öğrenmesiz olarak çekişmeli saldırı tespiti görevi için eğitilmiştir. Deneysel sonuçlar transfer öğrenmeli Faster R-CNN modelinin 0.971 f1 skoru ile dört model arasından en başarılı sonucu elde ettiğini göstermektedir.

Anahtar Kelimeler

Nesne tespiti, Çekişmeli saldırı, Faster R-CNN, YOLO v5, ESA

Kaynakça

• Amit, Y., Felzenszwalb, P., & Girshick, R. (2020). Object detection. Computer Vision: A Reference Guide, 1-9.
• Ayas, M. S., Ayas, S., & Djouadi, S. M. (2022, July). Projected Gradient Descent Adversarial Attack and Its Defense on a Fault Diagnosis System. In 2022 45th International Conference on Telecommunications and Signal Processing (TSP) (pp. 36-39). IEEE.
• Balamurugan, T., & Gnanamanoharan, E. (2023). Brain tumor segmentation and classification using hybrid deep CNN with LuNetClassifier. Neural Computing and Applications, 35(6), 4739-4753.
• Bochkovskiy, A., Wang, C. Y., & Liao, H. Y. M. (2020). Yolov4: Optimal speed and accuracy of object detection. arXiv preprint arXiv:2004.10934.
• Croce, F., & Hein, M. (2020, November). Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks. In International conference on machine learning (pp. 2206-2216). PMLR.
• Das, S. D., Basak, A., & Dutta, S. (2022). A heuristic-driven uncertainty based ensemble framework for fake news detection in tweets and news articles. Neurocomputing, 491, 607-620.
• Dong, Y., Liao, F., Pang, T., Su, H., Zhu, J., Hu, X., & Li, J. (2018). Boosting adversarial attacks with momentum. In Proceedings of the IEEE conference on computer vision and pattern recognition (pp. 9185-9193).
• Du, X., Song, L., Lv, Y., & Qiu, S. (2022). A Lightweight Military Target Detection Algorithm Based on Improved YOLOv5. Electronics, 11(20), 3263.
• Girshick, R. (2015). Fast r-cnn. In Proceedings of the IEEE international conference on computer vision (pp. 1440-1448).
• Goodfellow, I. J., Shlens, J., & Szegedy, C. (2014). Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572.
• Govindarajulu, Y., Amballa, A., Kulkarni, P., & Parmar, M. (2023). Targeted Attacks on Timeseries Forecasting. arXiv preprint arXiv:2301.11544.
• Gu, X., Li, S., Ren, S., Zheng, H., Fan, C., & Xu, H. (2022). Adaptive enhanced swin transformer with U-net for remote sensing image segmentation. Computers and Electrical Engineering, 102, 108223.
• Guo, Z., Wang, C., Yang, G., Huang, Z., & Li, G. (2022). Msft-yolo: Improved yolov5 based on transformer for detecting defects of steel surface. Sensors, 22(9), 3467.
• Hu, K., Zhang, Z., Niu, X., Zhang, Y., Cao, C., Xiao, F., & Gao, X. (2018). Retinal vessel segmentation of color fundus images using multiscale convolutional neural network with an improved cross-entropy loss function. Neurocomputing, 309, 179-191.
• Jiang, P., Ergu, D., Liu, F., Cai, Y., & Ma, B. (2022). A Review of Yolo algorithm developments. Procedia Computer Science, 199, 1066-1073.
• Jocher, G., Nishimura, K., Mineeva, T., & Vilariño, R. (2020). Yolov5. Code repository https://github.com/ultralytics/yolov5.
• Kurakin, A., Goodfellow, I. J., & Bengio, S. (2016). Adversarial examples in the physical world. arXiv preprint arXiv:1607.02533, 2016.
• Längkvist, M., Kiselev, A., Alirezaie, M., & Loutfi, A. (2016). Classification and segmentation of satellite orthoimagery using convolutional neural networks. Remote Sensing, 8(4), 329.
• Liu, H., Yu, Y., Liu, S., & Wang, W. (2022). A Military Object Detection Model of UAV Reconnaissance Image and Feature Visualization. Applied Sciences, 12(23), 12236.
• Liu, S., Wu, H., Lee, H. Y., & Meng, H. (2019, December). Adversarial attacks on spoofing countermeasures of automatic speaker verification. In 2019 IEEE Automatic Speech Recognition and Understanding Workshop (ASRU) (pp. 312-319). IEEE.
• Madry, A., Makelov, A., Schmidt, L., Tsipras, D., & Vladu, A. (2017). Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv:1706.06083.
• Ming, Y., Meng, X., Fan, C., & Yu, H. (2021). Deep learning for monocular depth estimation: A review. Neurocomputing, 438, 14-33.
• Moustapha, M., Tasyurek, M., & Ozturk, C. (2022). A Novel YoloV5 Deep Learning Model for Handwriting Detection and Recognition. International Journal on Artificial Intelligence Tools. doi:10.1142/S0218213023500161
• Redmon, J., Divvala, S., Girshick, R., & Farhadi, A. (2016). You only look once: Unified, real-time object detection. In Proceedings of the IEEE conference on computer vision and pattern recognition (pp. 779-788).
• Redmon, J., & Farhadi, A. (2017). YOLO9000: better, faster, stronger. In Proceedings of the IEEE conference on computer vision and pattern recognition (pp. 7263-7271).
• Redmon, J., & Farhadi, A. (2018). Yolov3: An incremental improvement. arXiv preprint arXiv:1804.02767.
• Ren, S., He, K., Girshick, R., & Sun, J. (2015). Faster r-cnn: Towards real-time object detection with region proposal networks. Advances in neural information processing systems, 28.
• Shelatkar, T., Urvashi, D., Shorfuzzaman, M., Alsufyani, A., & Lakshmanna, K. (2022). Diagnosis of brain tumor using light weight deep learning model with fine-tuning approach. Computational and Mathematical Methods in Medicine, 2022.
• Tasyurek, M., & Gul, E. (2023). A new deep learning approach based on grayscale conversion and DWT for object detection on adversarial attacked images. The Journal of Supercomputing, 1-34.
• Terzi, R., Azginoglu, N., & Terzi, D. S. (2022). False positive repression: Data centric pipeline for object detection in brain MRI. Concurrency and Computation: Practice and Experience, 34(20), e6821.
• Wang, Y., Hao, Z., Zuo, F., & Pan, S. (2021, September). A fabric defect detection system based improved yolov5 detector. In Journal of Physics: Conference Series (Vol. 2010, No. 1, p. 012191). IOP Publishing.
• Zhang, Y., Jiang, Z., Villalba, J., & Dehak, N. (2020, October). Black-Box Attacks on Spoofing Countermeasures Using Transferability of Adversarial Examples. In Interspeech (pp. 4238-4242).