Deep Bayesian image set classification approach for defence against adversarial attacks

Document Type

Conference Proceeding

Publication Title

2023 International Conference on Digital Image Computing: Techniques and Applications (DICTA)

Publisher

IEEE

School

School of Science

RAS ID

60364

Funders

Australian Research Council / Edith Cowan University

Grant Number

ARC Numbers: DP150100294, DP150104251

Grant Link

http://purl.org/au-research/grants/arc/DP150100294

Comments

Mirnateghi, N., Shah, S. A. A., & Bennamoun, M. (2023). Deep Bayesian image set classification approach for defence against adversarial attacks. In 2023 International Conference on Digital Image Computing: Techniques and Applications (DICTA) (pp. 501-508). IEEE. https://doi.org/10.1109/DICTA60407.2023.00075

Abstract

Deep learning has become an integral part of various pattern recognition and computer vision systems in recent years due to its outstanding achievements in object recognition, facial recognition, and scene understanding. However, deep neural networks (DNNs) are susceptible to being fooled with nearly high confidence by an adversary. In practice, the vulnerability of deep learning systems against carefully perturbed images, known as adversarial examples, poses a dire security threat in physical-world applications. To address this phenomenon, we present what, to our knowledge, is the first ever image-set-based adversarial defense approach. Image set classification has shown exceptional performance for object and face recognition, owing to its intrinsic property of handling appearance variability. We propose a robust deep Bayesian image set classification as a defense framework against a broad range of adversarial attacks. We extensively experiment the performance of the proposed technique with several voting strategies. We further analyse the effects of image size, perturbation magnitude, along with the ratio of perturbed images in each image set. We also evaluate our technique with the recent state-of-the-art defense methods and single-shot recognition task. The empirical results demonstrate superior performance on the CIFAR-10, MNIST, ETH-80, and Tiny ImageNet datasets. Our code is available at https://github.com/ai-voyage/imageset-adversarial-defence.git.

DOI

10.1109/DICTA60407.2023.00075

Access Rights

subscription content
