The paper discusses an approach to protecting image recognition systems from adversarial attacks such as FGSM (Fast Gradient Sign Method), based on a combination of various security methods. The FGSM attack is one of the most common adversarial attacks. It is based on adding subtle perturbations to the input data to deceive the machine learning model and cause errors in the image recognition process. To improve recognition accuracy in the face of FGSM attacks, the following security methods are considered: noise reduction, compression, and neural image cleaning. Combining security methods involves finding the optimal parameters that characterize these methods, at which the recognition accuracy becomes maximum. The effectiveness of the security methods under consideration is evaluated using the CIFAR-10 dataset. The choice of this dataset due to its wide application in image classification problems. The experimental results show that combining these security methods allows achieving maximum accuracy of image recognition in the face of FGSM attacks. The results obtained can be useful for developing more reliable computer vision systems that can withstand modern threats in the field of machine learning. The proposed approach demonstrates the promise of using hybrid security strategies to ensure the security of AI systems in real-world applications.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Combining Methods to Protect Image Recognition Systems from Adversarial FGSM Attacks

  • Igor Kotenko,
  • Igor Saenko,
  • Vladimir Sadovnikov

摘要

The paper discusses an approach to protecting image recognition systems from adversarial attacks such as FGSM (Fast Gradient Sign Method), based on a combination of various security methods. The FGSM attack is one of the most common adversarial attacks. It is based on adding subtle perturbations to the input data to deceive the machine learning model and cause errors in the image recognition process. To improve recognition accuracy in the face of FGSM attacks, the following security methods are considered: noise reduction, compression, and neural image cleaning. Combining security methods involves finding the optimal parameters that characterize these methods, at which the recognition accuracy becomes maximum. The effectiveness of the security methods under consideration is evaluated using the CIFAR-10 dataset. The choice of this dataset due to its wide application in image classification problems. The experimental results show that combining these security methods allows achieving maximum accuracy of image recognition in the face of FGSM attacks. The results obtained can be useful for developing more reliable computer vision systems that can withstand modern threats in the field of machine learning. The proposed approach demonstrates the promise of using hybrid security strategies to ensure the security of AI systems in real-world applications.