E. O. Kurdenkova, M. S. Cherepnina, A. S. Chistyakova, K. V. Arkhipenko, “Effect of transformations on the success of adversarial attacks for Clipped BagNet and ResNet image classifiers”, Proceedings of ISP RAS, 34:6 (2022), 101

Proceedings of the Institute for System Programming of the RAS

RUS ENG

JOURNALS PEOPLE ORGANISATIONS CONFERENCES SEMINARS VIDEO LIBRARY PACKAGE AMSBIB

JavaScript is disabled in your browser. Please switch it on to enable full functionality of the website

	General information
	Latest issue
	Archive

	Search papers
	Search references

	RSS
	Latest issue
	Current issues
	Archive issues
	What is RSS

Proceedings of ISP RAS:
Year:
Volume:
Issue:
Page:
	Find

Personal entry:
Login:
Password:
	Save password
	Enter
	Forgotten password?
	Register

Proceedings of the Institute for System Programming of the RAS, 2022, Volume 34, Issue 6, Pages 101–116
DOI: https://doi.org/10.15514/ISPRAS-2022-34(6)-7 (Mi tisp741)

This article is cited in 2 scientific papers (total in 2 papers)

Effect of transformations on the success of adversarial attacks for Clipped BagNet and ResNet image classifiers

E. O. Kurdenkova^a, M. S. Cherepnina^b, A. S. Chistyakova^ac, K. V. Arkhipenko^a

^a Ivannikov Institute for System Programming of the RAS
^b Technical University of Munich
^c Lomonosov Moscow State University

Full-text PDF (1738 kB) Citations (2)

DOI: https://doi.org/10.15514/ISPRAS-2022-34(6)-7

Abstract: Our paper compares the accuracy of the vanilla ResNet-18 model with the accuracy of the Clipped BagNet-33 and BagNet-33 models with adversarial learning under different conditions. We performed experiments on images attacked by the adversarial sticker under conditions of image transformations. The adversarial sticker is a small region of the attacked image, inside which the pixel values can be changed indefinitely, and this can generate errors in the model prediction. The transformations of the attacked images in this paper simulate the distortions that appear in the physical world when a change in perspective, scale or lighting changes the image. Our experiments show that models from the BagNet family perform poorly on images in low quality. We also analyzed the effects of different types of transformations on the models' robustness to adversarial attacks and the tolerance of these attacks.

Keywords: adversarial attack, adversarial patch, BagNet architecture, adversarial training, projected gradient descent

Document Type: Article

Language: Russian

Citation: E. O. Kurdenkova, M. S. Cherepnina, A. S. Chistyakova, K. V. Arkhipenko, “Effect of transformations on the success of adversarial attacks for Clipped BagNet and ResNet image classifiers”, Proceedings of ISP RAS, 34:6 (2022), 101–116

Citation in format AMSBIB

\Bibitem{KurCheChi22}

\by E.~O.~Kurdenkova, M.~S.~Cherepnina, A.~S.~Chistyakova, K.~V.~Arkhipenko

\paper Effect of transformations on the success of adversarial attacks for Clipped BagNet and ResNet image classifiers

\jour Proceedings of ISP RAS

\yr 2022

\vol 34

\issue 6

\pages 101--116

\mathnet{http://mi.mathnet.ru/tisp741}

\crossref{https://doi.org/10.15514/ISPRAS-2022-34(6)-7}

Linking options:

https://www.mathnet.ru/eng/tisp741

https://www.mathnet.ru/eng/tisp/v34/i6/p101

This publication is cited in the following 2 articles:

Citing articles in Google Scholar: Russian citations, English citations
Related articles in Google Scholar: Russian articles, English articles

Proceedings of the Institute for System Programming of the RAS

Statistics & downloads:
Abstract page:	12
Full-text PDF :	15

Что такое QR-код?

Registration to the website

Logotypes