Evaluating Robustness of AI Models against Adversarial Attacks

Chih Ling Chang; Jui Lung Hung; Chin Wei Tien; Chia Wei Tien; Sy Yen Kuo

doi:10.1145/3385003.3410920

Evaluating Robustness of AI Models against Adversarial Attacks

Chih Ling Chang
, Jui Lung Hung
, Chin Wei Tien
, Chia Wei Tien
, Sy Yen Kuo

National Taiwan University
Institute for Information Industry

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

25 Scopus citations

Abstract

Recently developed adversarial attacks on neural networks have become more aggressive and dangerous, because of which Artificial Intelligence (AI) models are no longer sufficiently robust against them. It is important to have a set of effective and reliable methods to detect malicious attacks to ensure the security of AI models. Such standardized methods can also serve as a reference for researchers to develop robust models and new kinds of attacks. This study proposes a method to assess the robustness of AI models. Six commonly used image classification CNN models were evaluated when subjected to 13 types of adversarial attacks. The robustness of the models is calculated unbiased and can be used as a reference for further improvement. It is distinguished from prior related works that our algorithm is attack-agnostic and is applicable to neural network model.

Original language	English
Title of host publication	SPAI 2020 - Proceedings of the 1st ACM Workshop on Security and Privacy on Artificial Intelligent, Co-located with AsiaCCS 2020
Publisher	Association for Computing Machinery, Inc
Pages	47-54
Number of pages	8
ISBN (Electronic)	9781450376112
DOIs	https://doi.org/10.1145/3385003.3410920
State	Published - 06 10 2020
Externally published	Yes
Event	1st ACM Workshop on Security and Privacy on Artificial Intelligent, SPAI 2020, Co-located with AsiaCCS 2020 - Virtual, Online, Taiwan Duration: 06 10 2020 → …

Publication series

Name	SPAI 2020 - Proceedings of the 1st ACM Workshop on Security and Privacy on Artificial Intelligent, Co-located with AsiaCCS 2020

Conference

Conference	1st ACM Workshop on Security and Privacy on Artificial Intelligent, SPAI 2020, Co-located with AsiaCCS 2020
Country/Territory	Taiwan
City	Virtual, Online
Period	06/10/20 → …

Bibliographical note

Publisher Copyright:
© 2020 ACM.

Keywords

CNN
adversarial attack
adversarial example
artificial intelligence
robustness evaluation

Access to Document

10.1145/3385003.3410920

Cite this

Chang, C. L., Hung, J. L., Tien, C. W., Tien, C. W., & Kuo, S. Y. (2020). Evaluating Robustness of AI Models against Adversarial Attacks. In SPAI 2020 - Proceedings of the 1st ACM Workshop on Security and Privacy on Artificial Intelligent, Co-located with AsiaCCS 2020 (pp. 47-54). (SPAI 2020 - Proceedings of the 1st ACM Workshop on Security and Privacy on Artificial Intelligent, Co-located with AsiaCCS 2020). Association for Computing Machinery, Inc. https://doi.org/10.1145/3385003.3410920

Chang, Chih Ling ; Hung, Jui Lung ; Tien, Chin Wei et al. / Evaluating Robustness of AI Models against Adversarial Attacks. SPAI 2020 - Proceedings of the 1st ACM Workshop on Security and Privacy on Artificial Intelligent, Co-located with AsiaCCS 2020. Association for Computing Machinery, Inc, 2020. pp. 47-54 (SPAI 2020 - Proceedings of the 1st ACM Workshop on Security and Privacy on Artificial Intelligent, Co-located with AsiaCCS 2020).

@inproceedings{d16a8ccd167a4e2081af8218165246d7,

title = "Evaluating Robustness of AI Models against Adversarial Attacks",

abstract = "Recently developed adversarial attacks on neural networks have become more aggressive and dangerous, because of which Artificial Intelligence (AI) models are no longer sufficiently robust against them. It is important to have a set of effective and reliable methods to detect malicious attacks to ensure the security of AI models. Such standardized methods can also serve as a reference for researchers to develop robust models and new kinds of attacks. This study proposes a method to assess the robustness of AI models. Six commonly used image classification CNN models were evaluated when subjected to 13 types of adversarial attacks. The robustness of the models is calculated unbiased and can be used as a reference for further improvement. It is distinguished from prior related works that our algorithm is attack-agnostic and is applicable to neural network model.",

keywords = "CNN, adversarial attack, adversarial example, artificial intelligence, robustness evaluation",

author = "Chang, \{Chih Ling\} and Hung, \{Jui Lung\} and Tien, \{Chin Wei\} and Tien, \{Chia Wei\} and Kuo, \{Sy Yen\}",

note = "Publisher Copyright: {\textcopyright} 2020 ACM.; 1st ACM Workshop on Security and Privacy on Artificial Intelligent, SPAI 2020, Co-located with AsiaCCS 2020 ; Conference date: 06-10-2020",

year = "2020",

month = oct,

day = "6",

doi = "10.1145/3385003.3410920",

language = "英语",

series = "SPAI 2020 - Proceedings of the 1st ACM Workshop on Security and Privacy on Artificial Intelligent, Co-located with AsiaCCS 2020",

publisher = "Association for Computing Machinery, Inc",

pages = "47--54",

booktitle = "SPAI 2020 - Proceedings of the 1st ACM Workshop on Security and Privacy on Artificial Intelligent, Co-located with AsiaCCS 2020",

}

Chang, CL, Hung, JL, Tien, CW, Tien, CW & Kuo, SY 2020, Evaluating Robustness of AI Models against Adversarial Attacks. in SPAI 2020 - Proceedings of the 1st ACM Workshop on Security and Privacy on Artificial Intelligent, Co-located with AsiaCCS 2020. SPAI 2020 - Proceedings of the 1st ACM Workshop on Security and Privacy on Artificial Intelligent, Co-located with AsiaCCS 2020, Association for Computing Machinery, Inc, pp. 47-54, 1st ACM Workshop on Security and Privacy on Artificial Intelligent, SPAI 2020, Co-located with AsiaCCS 2020, Virtual, Online, Taiwan, 06/10/20. https://doi.org/10.1145/3385003.3410920

Evaluating Robustness of AI Models against Adversarial Attacks. / Chang, Chih Ling; Hung, Jui Lung; Tien, Chin Wei et al.
SPAI 2020 - Proceedings of the 1st ACM Workshop on Security and Privacy on Artificial Intelligent, Co-located with AsiaCCS 2020. Association for Computing Machinery, Inc, 2020. p. 47-54 (SPAI 2020 - Proceedings of the 1st ACM Workshop on Security and Privacy on Artificial Intelligent, Co-located with AsiaCCS 2020).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Evaluating Robustness of AI Models against Adversarial Attacks

AU - Chang, Chih Ling

AU - Hung, Jui Lung

AU - Tien, Chin Wei

AU - Tien, Chia Wei

AU - Kuo, Sy Yen

PY - 2020/10/6

Y1 - 2020/10/6

N2 - Recently developed adversarial attacks on neural networks have become more aggressive and dangerous, because of which Artificial Intelligence (AI) models are no longer sufficiently robust against them. It is important to have a set of effective and reliable methods to detect malicious attacks to ensure the security of AI models. Such standardized methods can also serve as a reference for researchers to develop robust models and new kinds of attacks. This study proposes a method to assess the robustness of AI models. Six commonly used image classification CNN models were evaluated when subjected to 13 types of adversarial attacks. The robustness of the models is calculated unbiased and can be used as a reference for further improvement. It is distinguished from prior related works that our algorithm is attack-agnostic and is applicable to neural network model.

AB - Recently developed adversarial attacks on neural networks have become more aggressive and dangerous, because of which Artificial Intelligence (AI) models are no longer sufficiently robust against them. It is important to have a set of effective and reliable methods to detect malicious attacks to ensure the security of AI models. Such standardized methods can also serve as a reference for researchers to develop robust models and new kinds of attacks. This study proposes a method to assess the robustness of AI models. Six commonly used image classification CNN models were evaluated when subjected to 13 types of adversarial attacks. The robustness of the models is calculated unbiased and can be used as a reference for further improvement. It is distinguished from prior related works that our algorithm is attack-agnostic and is applicable to neural network model.

KW - CNN

KW - adversarial attack

KW - adversarial example

KW - artificial intelligence

KW - robustness evaluation

UR - https://www.scopus.com/pages/publications/85095982836

U2 - 10.1145/3385003.3410920

DO - 10.1145/3385003.3410920

M3 - 会议稿件

AN - SCOPUS:85095982836

T3 - SPAI 2020 - Proceedings of the 1st ACM Workshop on Security and Privacy on Artificial Intelligent, Co-located with AsiaCCS 2020

SP - 47

EP - 54

BT - SPAI 2020 - Proceedings of the 1st ACM Workshop on Security and Privacy on Artificial Intelligent, Co-located with AsiaCCS 2020

PB - Association for Computing Machinery, Inc

T2 - 1st ACM Workshop on Security and Privacy on Artificial Intelligent, SPAI 2020, Co-located with AsiaCCS 2020

Y2 - 6 October 2020

ER -

Chang CL, Hung JL, Tien CW, Tien CW, Kuo SY. Evaluating Robustness of AI Models against Adversarial Attacks. In SPAI 2020 - Proceedings of the 1st ACM Workshop on Security and Privacy on Artificial Intelligent, Co-located with AsiaCCS 2020. Association for Computing Machinery, Inc. 2020. p. 47-54. (SPAI 2020 - Proceedings of the 1st ACM Workshop on Security and Privacy on Artificial Intelligent, Co-located with AsiaCCS 2020). doi: 10.1145/3385003.3410920

Evaluating Robustness of AI Models against Adversarial Attacks

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this