IDEAS home Printed from https://ideas.repec.org/a/spr/joptap/v198y2023i3d10.1007_s10957-023-02273-6.html
   My bibliography  Save this article

Detection of Iterative Adversarial Attacks via Counter Attack

Author

Listed:
  • Matthias Rottmann

    (University of Wuppertal)

  • Kira Maag

    (Ruhr University Bochum)

  • Mathis Peyron

    (Institut de Recherche en Informatique de Toulouse)

  • Hanno Gottschalk

    (Technical University of Berlin)

  • Nataša Krejić

    (University of Novi Sad)

Abstract

Deep neural networks (DNNs) have proven to be powerful tools for processing unstructured data. However, for high-dimensional data, like images, they are inherently vulnerable to adversarial attacks. Small almost invisible perturbations added to the input can be used to fool DNNs. Various attacks, hardening methods and detection methods have been introduced in recent years. Notoriously, Carlini–Wagner (CW)-type attacks computed by iterative minimization belong to those that are most difficult to detect. In this work we outline a mathematical proof that the CW attack can be used as a detector itself. That is, under certain assumptions and in the limit of attack iterations this detector provides asymptotically optimal separation of original and attacked images. In numerical experiments, we experimentally validate this statement and furthermore obtain AUROC values up to $$99.73\%$$ 99.73 % on CIFAR10 and ImageNet. This is in the upper part of the spectrum of current state-of-the-art detection rates for CW attacks.

Suggested Citation

  • Matthias Rottmann & Kira Maag & Mathis Peyron & Hanno Gottschalk & Nataša Krejić, 2023. "Detection of Iterative Adversarial Attacks via Counter Attack," Journal of Optimization Theory and Applications, Springer, vol. 198(3), pages 892-929, September.
    • Handle: RePEc:spr:joptap:v:198:y:2023:i:3:d:10.1007_s10957-023-02273-6
    DOI: 10.1007/s10957-023-02273-6
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s10957-023-02273-6
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.
    File URL: https://libkey.io/10.1007/s10957-023-02273-6?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. M. V. Solodov & S. K. Zavriev, 1998. "Error Stability Properties of Generalized Gradient-Type Algorithms," Journal of Optimization Theory and Applications, Springer, vol. 98(3), pages 663-680, September.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Regina S. Burachik & Yaohua Hu & Xiaoqi Yang, 2022. "Interior quasi-subgradient method with non-Euclidean distances for constrained quasi-convex optimization problems in hilbert spaces," Journal of Global Optimization, Springer, vol. 83(2), pages 249-271, June.
    2. Larsson, Torbjorn & Patriksson, Michael & Stromberg, Ann-Brith, 2003. "On the convergence of conditional [var epsilon]-subgradient methods for convex programs and convex-concave saddle-point problems," European Journal of Operational Research, Elsevier, vol. 151(3), pages 461-473, December.
    3. Elena Tovbis & Vladimir Krutikov & Predrag Stanimirović & Vladimir Meshechkin & Aleksey Popov & Lev Kazakovtsev, 2023. "A Family of Multi-Step Subgradient Minimization Methods," Mathematics, MDPI, vol. 11(10), pages 1-24, May.
    4. Peng Zhang & Gejun Bao, 2018. "An Incremental Subgradient Method on Riemannian Manifolds," Journal of Optimization Theory and Applications, Springer, vol. 176(3), pages 711-727, March.
    5. Xiaoliang Wang & Liping Pang & Qi Wu & Mingkun Zhang, 2021. "An Adaptive Proximal Bundle Method with Inexact Oracles for a Class of Nonconvex and Nonsmooth Composite Optimization," Mathematics, MDPI, vol. 9(8), pages 1-27, April.
    6. Jinpeng Ma & Qiongling Li, 2016. "Convergence of price processes under two dynamic double auctions," The Journal of Mechanism and Institution Design, Society for the Promotion of Mechanism and Institution Design, University of York, vol. 1(1), pages 1-44, December.
    7. M. V. Solodov, 2003. "On Approximations with Finite Precision in Bundle Methods for Nonsmooth Optimization," Journal of Optimization Theory and Applications, Springer, vol. 119(1), pages 151-165, October.
    8. Grégory Emiel & Claudia Sagastizábal, 2010. "Incremental-like bundle methods with application to energy planning," Computational Optimization and Applications, Springer, vol. 46(2), pages 305-332, June.
    9. Xiaojing Xu & Jinpeng Ma & Xiaoping Xie, 2019. "Price Convergence under a Probabilistic Double Auction," Computational Economics, Springer;Society for Computational Economics, vol. 54(3), pages 1113-1155, October.
    10. Wenma Jin & Yair Censor & Ming Jiang, 2016. "Bounded perturbation resilience of projected scaled gradient methods," Computational Optimization and Applications, Springer, vol. 63(2), pages 365-392, March.
    11. S. Sundhar Ram & A. Nedić & V. V. Veeravalli, 2010. "Distributed Stochastic Subgradient Projection Algorithms for Convex Optimization," Journal of Optimization Theory and Applications, Springer, vol. 147(3), pages 516-545, December.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:spr:joptap:v:198:y:2023:i:3:d:10.1007_s10957-023-02273-6. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.springer.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.