CoopHance: Cooperative Enhancement for Robustness of Deep Learning Systems

Quan Zhang; Yongqiang Tian; Yifeng Ding; Shanshan Li; Chengnian Sun; Yu Jiang; Jiaguang Sun

doi:10.1145/3597926.3598093

CoopHance: Cooperative Enhancement for Robustness of Deep Learning Systems

Quan Zhang, Yongqiang Tian, Yifeng Ding, Shanshan Li, Chengnian Sun, Yu Jiang, Jiaguang Sun

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

4 Citations (Scopus)

Abstract

Adversarial attacks have been a threat to Deep Learning (DL) systems to be reckoned with. By adding human-imperceptible perturbation to benign inputs, adversarial attacks can cause the incorrect behavior of DL systems. Considering the popularity of DL systems in the industry, it is critical and urgent for developers to enhance the robustness of DL systems against adversarial attacks. In this study, we propose a novel enhancement technique for DL systems, namely CoopHance. CoopHance leverages two specifically customized components, Regulator and Inspector, to cooperatively enhance the DL systems' robustness against adversarial examples with different distortions. Regulator can purify adversarial examples with low or moderate distortions, while Inspector is responsible for detecting these adversarial examples with high distortion by capturing the abnormal status of DL systems. Our evaluation using various attacks shows that, on average, CoopHance can successfully resist 90.62% and 96.56% of the adversarial examples that are generated for the unprotected systems on CIFAR-10 and SVHN datasets separately, which is 188.14% more effective than five state-of-the-art enhancement techniques, including Feature Squeeze, LID, SOAP, Adversarial Training, and MagNet. Meanwhile, when attackers generate new adversarial examples on the enhanced systems, CoopHance can reject 78.06% of attacks, which outperforms the best of five enhancement techniques by 82.71% on average.

Original language	English
Title of host publication	Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis
Editors	Rene Just, Gordon Fraser
Place of Publication	New York NY USA
Publisher	Association for Computing Machinery (ACM)
Pages	753-765
Number of pages	13
ISBN (Electronic)	9798400702211
DOIs	https://doi.org/10.1145/3597926.3598093
Publication status	Published - 2023
Externally published	Yes
Event	International Symposium on Software Testing and Analysis 2023 - Seattle, United States of America Duration: 17 Jul 2023 → 21 Jul 2023 Conference number: 32nd https://dl.acm.org/doi/proceedings/10.1145/3597926 (Proceedings) https://conf.researchr.org/home/issta-2023 (Website)

Conference

Conference	International Symposium on Software Testing and Analysis 2023
Abbreviated title	ISSTA 2023
Country/Territory	United States of America
City	Seattle
Period	17/07/23 → 21/07/23
Internet address	https://dl.acm.org/doi/proceedings/10.1145/3597926 (Proceedings) https://conf.researchr.org/home/issta-2023 (Website)

Keywords

Deep Learning System
Robustness Enhancement

Access to Document

10.1145/3597926.3598093Licence: CC BY

Cite this

Zhang, Q., Tian, Y., Ding, Y., Li, S., Sun, C., Jiang, Y., & Sun, J. (2023). CoopHance: Cooperative Enhancement for Robustness of Deep Learning Systems. In R. Just, & G. Fraser (Eds.), Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis (pp. 753-765). Association for Computing Machinery (ACM). https://doi.org/10.1145/3597926.3598093

@inproceedings{2e0ce24be5fa4e138bf356ab9d55aad7,

title = "CoopHance: Cooperative Enhancement for Robustness of Deep Learning Systems",

abstract = "Adversarial attacks have been a threat to Deep Learning (DL) systems to be reckoned with. By adding human-imperceptible perturbation to benign inputs, adversarial attacks can cause the incorrect behavior of DL systems. Considering the popularity of DL systems in the industry, it is critical and urgent for developers to enhance the robustness of DL systems against adversarial attacks. In this study, we propose a novel enhancement technique for DL systems, namely CoopHance. CoopHance leverages two specifically customized components, Regulator and Inspector, to cooperatively enhance the DL systems' robustness against adversarial examples with different distortions. Regulator can purify adversarial examples with low or moderate distortions, while Inspector is responsible for detecting these adversarial examples with high distortion by capturing the abnormal status of DL systems. Our evaluation using various attacks shows that, on average, CoopHance can successfully resist 90.62\% and 96.56\% of the adversarial examples that are generated for the unprotected systems on CIFAR-10 and SVHN datasets separately, which is 188.14\% more effective than five state-of-the-art enhancement techniques, including Feature Squeeze, LID, SOAP, Adversarial Training, and MagNet. Meanwhile, when attackers generate new adversarial examples on the enhanced systems, CoopHance can reject 78.06\% of attacks, which outperforms the best of five enhancement techniques by 82.71\% on average.",

keywords = "Deep Learning System, Robustness Enhancement",

author = "Quan Zhang and Yongqiang Tian and Yifeng Ding and Shanshan Li and Chengnian Sun and Yu Jiang and Jiaguang Sun",

note = "Publisher Copyright: {\textcopyright} 2023 ACM.; International Symposium on Software Testing and Analysis 2023, ISSTA 2023 ; Conference date: 17-07-2023 Through 21-07-2023",

year = "2023",

doi = "10.1145/3597926.3598093",

language = "English",

pages = "753--765",

editor = "Rene Just and Gordon Fraser",

booktitle = "Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis",

publisher = "Association for Computing Machinery (ACM)",

address = "United States of America",

url = "https://dl.acm.org/doi/proceedings/10.1145/3597926, https://conf.researchr.org/home/issta-2023",

}

Zhang, Q, Tian, Y, Ding, Y, Li, S, Sun, C, Jiang, Y & Sun, J 2023, CoopHance: Cooperative Enhancement for Robustness of Deep Learning Systems. in R Just & G Fraser (eds), Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis. Association for Computing Machinery (ACM), New York NY USA, pp. 753-765, International Symposium on Software Testing and Analysis 2023, Seattle, Washington, United States of America, 17/07/23. https://doi.org/10.1145/3597926.3598093

CoopHance: Cooperative Enhancement for Robustness of Deep Learning Systems. / Zhang, Quan; Tian, Yongqiang; Ding, Yifeng et al.
Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis. ed. / Rene Just; Gordon Fraser. New York NY USA: Association for Computing Machinery (ACM), 2023. p. 753-765.

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - CoopHance

T2 - International Symposium on Software Testing and Analysis 2023

AU - Zhang, Quan

AU - Tian, Yongqiang

AU - Ding, Yifeng

AU - Li, Shanshan

AU - Sun, Chengnian

AU - Jiang, Yu

AU - Sun, Jiaguang

N1 - Conference code: 32nd

PY - 2023

Y1 - 2023

N2 - Adversarial attacks have been a threat to Deep Learning (DL) systems to be reckoned with. By adding human-imperceptible perturbation to benign inputs, adversarial attacks can cause the incorrect behavior of DL systems. Considering the popularity of DL systems in the industry, it is critical and urgent for developers to enhance the robustness of DL systems against adversarial attacks. In this study, we propose a novel enhancement technique for DL systems, namely CoopHance. CoopHance leverages two specifically customized components, Regulator and Inspector, to cooperatively enhance the DL systems' robustness against adversarial examples with different distortions. Regulator can purify adversarial examples with low or moderate distortions, while Inspector is responsible for detecting these adversarial examples with high distortion by capturing the abnormal status of DL systems. Our evaluation using various attacks shows that, on average, CoopHance can successfully resist 90.62% and 96.56% of the adversarial examples that are generated for the unprotected systems on CIFAR-10 and SVHN datasets separately, which is 188.14% more effective than five state-of-the-art enhancement techniques, including Feature Squeeze, LID, SOAP, Adversarial Training, and MagNet. Meanwhile, when attackers generate new adversarial examples on the enhanced systems, CoopHance can reject 78.06% of attacks, which outperforms the best of five enhancement techniques by 82.71% on average.

AB - Adversarial attacks have been a threat to Deep Learning (DL) systems to be reckoned with. By adding human-imperceptible perturbation to benign inputs, adversarial attacks can cause the incorrect behavior of DL systems. Considering the popularity of DL systems in the industry, it is critical and urgent for developers to enhance the robustness of DL systems against adversarial attacks. In this study, we propose a novel enhancement technique for DL systems, namely CoopHance. CoopHance leverages two specifically customized components, Regulator and Inspector, to cooperatively enhance the DL systems' robustness against adversarial examples with different distortions. Regulator can purify adversarial examples with low or moderate distortions, while Inspector is responsible for detecting these adversarial examples with high distortion by capturing the abnormal status of DL systems. Our evaluation using various attacks shows that, on average, CoopHance can successfully resist 90.62% and 96.56% of the adversarial examples that are generated for the unprotected systems on CIFAR-10 and SVHN datasets separately, which is 188.14% more effective than five state-of-the-art enhancement techniques, including Feature Squeeze, LID, SOAP, Adversarial Training, and MagNet. Meanwhile, when attackers generate new adversarial examples on the enhanced systems, CoopHance can reject 78.06% of attacks, which outperforms the best of five enhancement techniques by 82.71% on average.

KW - Deep Learning System

KW - Robustness Enhancement

UR - https://www.scopus.com/pages/publications/85167738763

U2 - 10.1145/3597926.3598093

DO - 10.1145/3597926.3598093

M3 - Conference Paper

AN - SCOPUS:85167738763

SP - 753

EP - 765

BT - Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis

A2 - Just, Rene

A2 - Fraser, Gordon

PB - Association for Computing Machinery (ACM)

CY - New York NY USA

Y2 - 17 July 2023 through 21 July 2023

ER -

CoopHance: Cooperative Enhancement for Robustness of Deep Learning Systems

Abstract

Conference

Keywords

Access to Document

Other files and links

Cite this