Towards Evaluating the Robustness of Adversarial Attacks Against Image Scaling Transformation

ZHENG Jiamin; ZHANG Yaoyuan; LI Yuanzhang; WU Shangbo; YU Xiao

doi:10.23919/cje.2021.00.309

Volume 32 Issue 1

Jan. 2023

Turn off MathJax

Article Contents

Article Navigation > Chinese Journal of Electronics > 2023 > 32(1): 151-158

ZHENG Jiamin, ZHANG Yaoyuan, LI Yuanzhang, et al., “Towards Evaluating the Robustness of Adversarial Attacks Against Image Scaling Transformation,” Chinese Journal of Electronics, vol. 32, no. 1, pp. 151-158, 2023, doi: 10.23919/cje.2021.00.309

Citation:

ZHENG Jiamin, ZHANG Yaoyuan, LI Yuanzhang, et al., “Towards Evaluating the Robustness of Adversarial Attacks Against Image Scaling Transformation,” Chinese Journal of Electronics, vol. 32, no. 1, pp. 151-158, 2023, doi: 10.23919/cje.2021.00.309

Citation:

PDF( 2690 KB)

Towards Evaluating the Robustness of Adversarial Attacks Against Image Scaling Transformation

doi: 10.23919/cje.2021.00.309

1.
School of E-Business and Logistics, Beijing Technology and Business University, Beijing 100048, China
2.
School of Computer Science and Technology, Beijing Institute of Technology, Beijing 100081, China
3.
School of Computer Science and Technology, Shandong University of Technology, Shandong 255000, China

Funds: This work was supported by the National Natural Science Foundation of China (61876019, U1936218, 62072037)

More Information

Author Bio:
Jiamin ZHENG is a Ph.D. and Associate Professor in School of E-Business and Logistics at Beijing Technology and Business University. His main research interests include information security, and artificial intelligence. (Email: zhengjm@btbu.edu.cn)

Yaoyuan ZHANG received the B.E. degree in computer science of technology from Beijing Institute of Technology, in 2017, where she is currently pursuing the Ph.D. degree. Her research interests include artificial intelligence security. Recently, her research focus has been in the area of computer vision adversarial attack. (Email: yaoyuan@bit.edu.cn)

Yuanzhang LI received the B.S., M.S., and Ph.D. degrees in software and theory of computer from Beijing Institute of Technology in 2001, 2004, and 2015, respectively. He has been an Associate Professor with Beijing Institute of Technology. His research interests include mobile computing and information security. (Email: popular@bit.edu.cn)

Shangbo WU graduated from the School of Computer Science and Technology, Beijing Institute of Technology, in 2020. He received the M.S. degree from University of Glasgow in 2022. His main research interest lies in the areas of semantic black-box adversarial attacks for both classifiers and object detectors. (Email: wu@bit.edu.cn)

Xiao YU (corresponding author) is a Ph.D., Associate Professor and Master Supervisor in Department of Computer Science and Technology, Shandong University of Technology. His current research interests include artificial intelligence security and embedded system. (Email: yuxiao8907118@163.com)
Received Date: 2021-08-26
Accepted Date: 2021-11-30

Available Online: 2022-01-24

Publish Date: 2023-01-05

Abstract

Abstract

The robustness of adversarial examples to image scaling transformation is usually ignored when most existing adversarial attacks are proposed. In contrast, image scaling is often the first step of the model to transfer various sizes of input images into fixed ones. We evaluate the impact of image scaling on the robustness of adversarial examples applied to image classification tasks. We set up an image scaling system to provide a basis for robustness evaluation and conduct experiments in different situations to explore the relationship between image scaling and the robustness of adversarial examples. Experiment results show that various scaling algorithms have a similar impact on the robustness of adversarial examples, but the scaling ratio significantly impacts it.
- Adversarial examples,
- Image scaling,
- Image classification,
- Deep learning

ImageNette is open source at https://github.com/fastai/imagenette
fast.ai is the first deep learning library to provide a unified interface for all the most commonly used deep learning applications for vision, text, tabular data, time series, and collaborative filtering. Official website: https://www.fast.ai/

FullText(HTML)

References(19)

References

[1]	W. Li, W. Meng, Z. Tan, and Y. Xiang, “Design of multi-view based email classification for IOT systems via semi-supervised learning,” Journal of Network and Computer Applications, vol.128, pp.56–63, 2019. doi: 10.1016/j.jnca.2018.12.002
[2]	F. Ullah, H. Naeem, S. Jabbar, S. Khalid, M. A. Latif, et al., “Cyber security threats detection in Internet of things using deep learning approach,” IEEE Access, vol.7, pp.124379–124389, 2019. doi: 10.1109/ACCESS.2019.2937347
[3]	F. Al-Turjman, H. Zahmatkesh, and L. Mostarda, “Quantifying uncertainty in internet of medical things and big-data services using intelligence and deep learning,” IEEE Access, vol.7, pp.115749–115759, 2019. doi: 10.1109/ACCESS.2019.2931637
[4]	Z. Lv, W. Mazurczyk, S. Wendzel, and H. Song, “Guest editorial: Recent advances in cyber-physical security in industrial environments,” IEEE Transactions on Industrial Informatics, vol.15, no.12, pp.6468–6471, 2019. doi: 10.1109/TII.2019.2945971
[5]	M. Daraghmeh, I. Al Ridhawi, M. Aloqaily, Y. Jararweh, and A. Agarwal. “A power management approach to reduce energy consumption for edge computing servers,” in Proceedings of 2019 Forth International Conference on Fog and Mobile Edge Computing, Rome, Italy, pp.259–264, 2019.
[6]	Shuming Qiu, Ding Wang, Guoai Xu, and Saru Kumari, “Practical and provably secure three-factor authentication protocol based on extended chaotic-maps for mobile lightweight devices,” IEEE Transactions on Dependable and Secure Computing, vol.19, no.2, pp.1338–1351, 2020. doi: 10.1109/TDSC.2020.3022797
[7]	C. Szegedy, W. Zaremba, I. Sutskever, J. Bruna, et al., “Intriguing properties of neural networks,” arXiv preprint, arXiv:1312.6199, 2013.
[8]	Z. Gu, Y. Xie, W. Hu, L. Yin, Y. Han, and Z. Tian, “Marginal attacks of generating adversarial examples for spam filtering,” Chinese Journal of Electronics, vol.30, no.4, pp.595–602, 2021. doi: 10.1049/cje.2021.05.001
[9]	C. Wang, D. Wang, Y. Tu, et al., “Understanding node capture attacks in user authentication schemes for wireless sensor networks,” IEEE Transactions on Dependable and Secure Computing, vol.19, no.1, pp.507–523, 2022. doi: 10.1109/TDSC.2020.2974220
[10]	H. Lyu, Y. Tan, Y. Xue, Y. Wang, and J. Xue, “A CMA-ES-based adversarial attack against black-box object detectors,” Chinese Journal of Electronics, vol.30, no.3, pp.406–412, 2021. doi: 10.1049/cje.2021.03.003
[11]	H. Zhang, Y. Yu, J. Jiao, E. Xing, et al., “Theoretically principled trade-off between robustness and accuracy,” in Proceedings of the 36th International Conference on Machine Learning, California, USA, pp.7472–7482, 2019.
[12]	C. Xie, Z. Zhang, Y. Zhou, S. Bai, J. Wang, Z. Ren, and A. L. Yuille, “Improving transferability of adversarial examples with input diversity,” in Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, Long Beach, CA, USA, pp.2725–2734, 2019.
[13]	D. Wang, X. Zhang, Z. Zhang, and P. Wang, “Understanding security failures of multi-factor authentication schemes for multi-server environments,” Computers & Security, vol.88, article no.101619, 2020. doi: 10.1016/j.cose.2019.101619
[14]	T. Yu, S. Wang, C. Zhang, Z. Wang, Y. Li, and X.Yu, “Targeted adversarial examples generating method based on cVAE in black box settings,” Chinese Journal of Electronics, vol.30, no.5, pp.866–875, 2021. doi: 10.1049/cje.2021.06.009
[15]	Y. Dong, Q. Fu, X. Yang, T. Pang, et al., “Benchmarking adversarial robustness on image classification,” in Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, Seattle, WA, USA, pp.318–328, 2020.
[16]	C. Wang, D. Wang, G. Xu, and D. He, “Efficient privacy-preserving user authentication scheme with forward secrecy for industry 4.0,” Science China Information Sciences, vol.65, no.1, article no.112301, 2022. doi: 10.1007/s11432-020-2975-6
[17]	J. Chen, M. I. Jordan, and M. J. Wainwright, “HopSkipJumpAttack: A query-efficient decision-based attack,” in Proceedings of 2020 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, pp.1277–1294, 2020.
[18]	J. Deng, W. Dong, R. Socher, L. Li, K. Li and F. Li, “Imagenet: A large-scale hierarchical image database,” in Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, Miami, FL, USA, pp.248–255, 2009.
[19]	K. He, X. Zhang, S. Ren, and J. Sun, “Deep residual learning for image recognition,” in Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, Las Vegas, NV, USA, pp.770–778, 2016.