Analyzing the Security Vulerabilities of Deep Neural Networks: Attacks and Defenses

Abstract

Over the past few years Machine Learning algorithms, especially, Deep Neural Networks have emerged as a primary solution to handle large amount of data using statistical inference in many applications e.g. autonomous vehicles, image recognition, biometric systems, transportation management etc. However, these DNNs are inherently vulnerable to several security attacks, primarily, because of their high dependency on the training dataset. One of the most common attack used to fool DNNs is data poisoning during inference. Such security attacks can be classified into two large categories: perceptible and imperceptible attacks. Imperceptible Attacks are more critical and crucial because they cannot be inferred through manual inspection. In literature, several imperceptible attacks have been introduced, i.e., Gradient-Based Attacks (by estimating the gradients of the loss function), Decision-Based Attacks and Score-Based Attacks (which analyze the probabilistic behavior of the individual input components to estimate the gradients of the DNNs), etc. To mitigate these attacks, multiple defenses have been proposed based on feature squeezing, adversarial data augmentation and Generative Adversarial Networks (GAN). However, most of the state-of-the-art defenses are computationally very expensive and have been broken by generating stronger attacks using the same approaches. Therefore, in this thesis, first we analyze the state-of-the-art imperceptible attacks from well know DNN attack lib rary, i.e., Cleverhans, to identify the respective limitations. Then, based on these limitations we investigate the simple computationally efficient defenses to increase the robustness of deep neural networks against such attacks. Furthermore, based on this analysis, we explore more security vulnerabilities in DNNs for developing the more powerful attacks.