Defense-Friendly Images in Adversarial Attacks: Dataset and Metrics for Perturbation Difficulty

Camilo Pestana; Wei Liu; David Glance; Ajmal Mian

doi:10.1109/WACV48630.2021.00060

Defense-Friendly Images in Adversarial Attacks: Dataset and Metrics for Perturbation Difficulty

Camilo Pestana, Wei Liu, David Glance, Ajmal Mian

Research output: Chapter in Book/Conference paper › Conference paper › peer-review

3 Citations (Scopus)

69 Downloads (Pure)

Abstract

Dataset bias is a problem in adversarial machine learning, especially in the evaluation of defenses. An adversarial attack or defense algorithm may show better results on the reported dataset than can be replicated on other datasets. Even when two algorithms are compared, their relative performance can vary depending on the dataset. Deep learning offers state-of-the-art solutions for image recognition, but deep models are vulnerable even to small perturbations. Research in this area focuses primarily on adversarial attacks and defense algorithms. In this paper, we report for the first time, a class of robust images that are both resilient to attacks and that recover better than random images under adversarial attacks using simple defense techniques. Thus, a test dataset with a high proportion of robust images gives a misleading impression about the performance of an adversarial attack or defense. We propose three metrics to determine the proportion of robust images in a dataset and provide scoring to determine the dataset bias. We also provide an ImageNet-R dataset of 15000+ robust images to facilitate further research on this intriguing phenomenon of image strength under attack. Our dataset, combined with the proposed metrics, is valuable for unbiased benchmarking of adversarial attack and defense algorithms. © 2021 IEEE.

Original language	English
Title of host publication	Conference Proceedings 2021 IEEE Winter Conference on Applications of Computer Vision (WACV)
Publisher	IEEE, Institute of Electrical and Electronics Engineers
Pages	556-565
Number of pages	10
ISBN (Electronic)	9780738142661
DOIs	https://doi.org/10.1109/WACV48630.2021.00060
Publication status	Published - 5 Jan 2021
Event	2021 IEEE Winter Conference on Applications of Computer Vision - Virtual, Virtual Duration: 5 Jan 2021 → 9 Jan 2021

Publication series

Name	Proceedings - 2021 IEEE Winter Conference on Applications of Computer Vision, WACV 2021

Conference

Conference	2021 IEEE Winter Conference on Applications of Computer Vision
Abbreviated title	WACV 2021
Country/Territory	Virtual
Period	5/01/21 → 9/01/21

Access to Document

10.1109/WACV48630.2021.00060

Pestana, et al., 2021 Defense-friendly images in Adversarial Attacks...Accepted author manuscript, 554 KB

Cite this

Pestana, C., Liu, W., Glance, D., & Mian, A. (2021). Defense-Friendly Images in Adversarial Attacks: Dataset and Metrics for Perturbation Difficulty. In Conference Proceedings 2021 IEEE Winter Conference on Applications of Computer Vision (WACV) (pp. 556-565). (Proceedings - 2021 IEEE Winter Conference on Applications of Computer Vision, WACV 2021). IEEE, Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/WACV48630.2021.00060

Pestana, Camilo ; Liu, Wei ; Glance, David et al. / Defense-Friendly Images in Adversarial Attacks : Dataset and Metrics for Perturbation Difficulty. Conference Proceedings 2021 IEEE Winter Conference on Applications of Computer Vision (WACV). IEEE, Institute of Electrical and Electronics Engineers, 2021. pp. 556-565 (Proceedings - 2021 IEEE Winter Conference on Applications of Computer Vision, WACV 2021).

@inproceedings{9effdec440a6448f9b60e5f934ba7dd2,

title = "Defense-Friendly Images in Adversarial Attacks: Dataset and Metrics for Perturbation Difficulty",

abstract = "Dataset bias is a problem in adversarial machine learning, especially in the evaluation of defenses. An adversarial attack or defense algorithm may show better results on the reported dataset than can be replicated on other datasets. Even when two algorithms are compared, their relative performance can vary depending on the dataset. Deep learning offers state-of-the-art solutions for image recognition, but deep models are vulnerable even to small perturbations. Research in this area focuses primarily on adversarial attacks and defense algorithms. In this paper, we report for the first time, a class of robust images that are both resilient to attacks and that recover better than random images under adversarial attacks using simple defense techniques. Thus, a test dataset with a high proportion of robust images gives a misleading impression about the performance of an adversarial attack or defense. We propose three metrics to determine the proportion of robust images in a dataset and provide scoring to determine the dataset bias. We also provide an ImageNet-R dataset of 15000+ robust images to facilitate further research on this intriguing phenomenon of image strength under attack. Our dataset, combined with the proposed metrics, is valuable for unbiased benchmarking of adversarial attack and defense algorithms. {\textcopyright} 2021 IEEE.",

author = "Camilo Pestana and Wei Liu and David Glance and Ajmal Mian",

year = "2021",

month = jan,

day = "5",

doi = "10.1109/WACV48630.2021.00060",

language = "English",

series = "Proceedings - 2021 IEEE Winter Conference on Applications of Computer Vision, WACV 2021",

publisher = "IEEE, Institute of Electrical and Electronics Engineers",

pages = "556--565",

booktitle = "Conference Proceedings 2021 IEEE Winter Conference on Applications of Computer Vision (WACV)",

address = "United States",

note = "2021 IEEE Winter Conference on Applications of Computer Vision, WACV 2021 ; Conference date: 05-01-2021 Through 09-01-2021",

}

Pestana, C, Liu, W , Glance, D & Mian, A 2021, Defense-Friendly Images in Adversarial Attacks: Dataset and Metrics for Perturbation Difficulty. in Conference Proceedings 2021 IEEE Winter Conference on Applications of Computer Vision (WACV). Proceedings - 2021 IEEE Winter Conference on Applications of Computer Vision, WACV 2021, IEEE, Institute of Electrical and Electronics Engineers, pp. 556-565, 2021 IEEE Winter Conference on Applications of Computer Vision, Virtual, 5/01/21. https://doi.org/10.1109/WACV48630.2021.00060

Defense-Friendly Images in Adversarial Attacks : Dataset and Metrics for Perturbation Difficulty. / Pestana, Camilo; Liu, Wei ; Glance, David et al.

Conference Proceedings 2021 IEEE Winter Conference on Applications of Computer Vision (WACV). IEEE, Institute of Electrical and Electronics Engineers, 2021. p. 556-565 (Proceedings - 2021 IEEE Winter Conference on Applications of Computer Vision, WACV 2021).

Research output: Chapter in Book/Conference paper › Conference paper › peer-review

TY - GEN

T1 - Defense-Friendly Images in Adversarial Attacks

T2 - 2021 IEEE Winter Conference on Applications of Computer Vision

AU - Pestana, Camilo

AU - Liu, Wei

AU - Glance, David

AU - Mian, Ajmal

PY - 2021/1/5

Y1 - 2021/1/5

N2 - Dataset bias is a problem in adversarial machine learning, especially in the evaluation of defenses. An adversarial attack or defense algorithm may show better results on the reported dataset than can be replicated on other datasets. Even when two algorithms are compared, their relative performance can vary depending on the dataset. Deep learning offers state-of-the-art solutions for image recognition, but deep models are vulnerable even to small perturbations. Research in this area focuses primarily on adversarial attacks and defense algorithms. In this paper, we report for the first time, a class of robust images that are both resilient to attacks and that recover better than random images under adversarial attacks using simple defense techniques. Thus, a test dataset with a high proportion of robust images gives a misleading impression about the performance of an adversarial attack or defense. We propose three metrics to determine the proportion of robust images in a dataset and provide scoring to determine the dataset bias. We also provide an ImageNet-R dataset of 15000+ robust images to facilitate further research on this intriguing phenomenon of image strength under attack. Our dataset, combined with the proposed metrics, is valuable for unbiased benchmarking of adversarial attack and defense algorithms. © 2021 IEEE.

AB - Dataset bias is a problem in adversarial machine learning, especially in the evaluation of defenses. An adversarial attack or defense algorithm may show better results on the reported dataset than can be replicated on other datasets. Even when two algorithms are compared, their relative performance can vary depending on the dataset. Deep learning offers state-of-the-art solutions for image recognition, but deep models are vulnerable even to small perturbations. Research in this area focuses primarily on adversarial attacks and defense algorithms. In this paper, we report for the first time, a class of robust images that are both resilient to attacks and that recover better than random images under adversarial attacks using simple defense techniques. Thus, a test dataset with a high proportion of robust images gives a misleading impression about the performance of an adversarial attack or defense. We propose three metrics to determine the proportion of robust images in a dataset and provide scoring to determine the dataset bias. We also provide an ImageNet-R dataset of 15000+ robust images to facilitate further research on this intriguing phenomenon of image strength under attack. Our dataset, combined with the proposed metrics, is valuable for unbiased benchmarking of adversarial attack and defense algorithms. © 2021 IEEE.

U2 - 10.1109/WACV48630.2021.00060

DO - 10.1109/WACV48630.2021.00060

M3 - Conference paper

T3 - Proceedings - 2021 IEEE Winter Conference on Applications of Computer Vision, WACV 2021

SP - 556

EP - 565

BT - Conference Proceedings 2021 IEEE Winter Conference on Applications of Computer Vision (WACV)

PB - IEEE, Institute of Electrical and Electronics Engineers

Y2 - 5 January 2021 through 9 January 2021

ER -

Pestana C, Liu W , Glance D , Mian A. Defense-Friendly Images in Adversarial Attacks: Dataset and Metrics for Perturbation Difficulty. In Conference Proceedings 2021 IEEE Winter Conference on Applications of Computer Vision (WACV). IEEE, Institute of Electrical and Electronics Engineers. 2021. p. 556-565. (Proceedings - 2021 IEEE Winter Conference on Applications of Computer Vision, WACV 2021). https://doi.org/10.1109/WACV48630.2021.00060

Defense-Friendly Images in Adversarial Attacks: Dataset and Metrics for Perturbation Difficulty

Abstract

Publication series

Conference

Access to Document

Fingerprint

Cite this