TY - JOUR
T1 - A Robust Countermeasures for Poisoning Attacks on Deep Neural Networks of Computer Interaction Systems
AU - Liu, I. Hsien
AU - Li, Jung Shian
AU - Peng, Yen Chu
AU - Liu, Chuan Gang
N1 - Funding Information:
The authors gratefully acknowledge the support of the Ministry of Science and Technology of the Taiwan under Grant MOST 108-2221-E-006-110-MY3, MOST 109-2221-E-041-001-, and MOST 111-2218-E-006-010-MBK.
Publisher Copyright:
© 2022 by the authors.
PY - 2022/8
Y1 - 2022/8
N2 - In recent years, human–computer interactions have begun to apply deep neural networks (DNNs), known as deep learning, to make them work more friendly. Nowadays, adversarial example attacks, poisoning attacks, and backdoor attacks are the typical attack examples for DNNs. In this paper, we focus on poisoning attacks and analyze three poisoning attacks on DNNs. We develop a countermeasure for poisoning attacks, which is Data Washing, an algorithm based on a denoising autoencoder. It can effectively alleviate the damages inflicted upon datasets caused by poisoning attacks. Furthermore, we also propose the Integrated Detection Algorithm (IDA) to detect various types of attacks. In our experiments, for Paralysis Attacks, Data Washing represents a significant improvement (0.5384) over accuracy increment, and can help IDA detect those attacks, while for Target Attacks, Data Washing makes it so that the false positive rate is reduced to just 1% and IDA can have a high accuracy detection rate of greater than 99%.
UR - http://www.scopus.com/inward/record.url?scp=85136929297&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85136929297&partnerID=8YFLogxK
U2 - 10.3390/app12157753
DO - 10.3390/app12157753
M3 - Article
AN - SCOPUS:85136929297
SN - 2076-3417
VL - 12
JO - Applied Sciences (Switzerland)
JF - Applied Sciences (Switzerland)
IS - 15
M1 - 7753
ER -