CoopHance: Cooperative Enhancement for Robustness of Deep Learning Systems

Quan Zhang; Yongqiang Tian; Yifeng Ding; Shanshan Li; Chengnian Sun; Yu Jiang; Jiaguang Sun

doi:10.1145/3597926.3598093

CoopHance: Cooperative Enhancement for Robustness of Deep Learning Systems

Quan Zhang, Yongqiang Tian^*, Yifeng Ding, Shanshan Li, Chengnian Sun, Yu Jiang^*, Jiaguang Sun

^*Corresponding author for this work

Research output: Chapter in Book/Conference Proceeding/Report › Conference Paper published in a book › peer-review

3 Citations (Scopus)

Abstract

Adversarial attacks have been a threat to Deep Learning (DL) systems to be reckoned with. By adding human-imperceptible perturbation to benign inputs, adversarial attacks can cause the incorrect behavior of DL systems. Considering the popularity of DL systems in the industry, it is critical and urgent for developers to enhance the robustness of DL systems against adversarial attacks. In this study, we propose a novel enhancement technique for DL systems, namely CoopHance. CoopHance leverages two specifically customized components, Regulator and Inspector, to cooperatively enhance the DL systems' robustness against adversarial examples with different distortions. Regulator can purify adversarial examples with low or moderate distortions, while Inspector is responsible for detecting these adversarial examples with high distortion by capturing the abnormal status of DL systems. Our evaluation using various attacks shows that, on average, CoopHance can successfully resist 90.62% and 96.56% of the adversarial examples that are generated for the unprotected systems on CIFAR-10 and SVHN datasets separately, which is 188.14% more effective than five state-of-the-art enhancement techniques, including Feature Squeeze, LID, SOAP, Adversarial Training, and MagNet. Meanwhile, when attackers generate new adversarial examples on the enhanced systems, CoopHance can reject 78.06% of attacks, which outperforms the best of five enhancement techniques by 82.71% on average.

Original language	English
Title of host publication	ISSTA 2023 - Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis
Editors	Rene Just, Gordon Fraser
Publisher	Association for Computing Machinery, Inc
Pages	753-765
Number of pages	13
ISBN (Electronic)	9798400702211
DOIs	https://doi.org/10.1145/3597926.3598093
Publication status	Published - 12 Jul 2023
Externally published	Yes
Event	32nd ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2023 - Seattle, United States Duration: 17 Jul 2023 → 21 Jul 2023

Publication series

Name	ISSTA 2023 - Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis

Conference

Conference	32nd ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2023
Country/Territory	United States
City	Seattle
Period	17/07/23 → 21/07/23

Bibliographical note

Publisher Copyright:
© 2023 ACM.

Keywords

Deep Learning System
Robustness Enhancement

Access to Document

10.1145/3597926.3598093

Cite this

Zhang, Q., Tian, Y., Ding, Y., Li, S., Sun, C., Jiang, Y., & Sun, J. (2023). CoopHance: Cooperative Enhancement for Robustness of Deep Learning Systems. In R. Just, & G. Fraser (Eds.), ISSTA 2023 - Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis (pp. 753-765). (ISSTA 2023 - Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis). Association for Computing Machinery, Inc. https://doi.org/10.1145/3597926.3598093

Zhang, Quan ; Tian, Yongqiang ; Ding, Yifeng et al. / CoopHance : Cooperative Enhancement for Robustness of Deep Learning Systems. ISSTA 2023 - Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis. editor / Rene Just ; Gordon Fraser. Association for Computing Machinery, Inc, 2023. pp. 753-765 (ISSTA 2023 - Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis).

@inproceedings{0b693cd30fd74149b6e03c933c982af4,

title = "CoopHance: Cooperative Enhancement for Robustness of Deep Learning Systems",

abstract = "Adversarial attacks have been a threat to Deep Learning (DL) systems to be reckoned with. By adding human-imperceptible perturbation to benign inputs, adversarial attacks can cause the incorrect behavior of DL systems. Considering the popularity of DL systems in the industry, it is critical and urgent for developers to enhance the robustness of DL systems against adversarial attacks. In this study, we propose a novel enhancement technique for DL systems, namely CoopHance. CoopHance leverages two specifically customized components, Regulator and Inspector, to cooperatively enhance the DL systems' robustness against adversarial examples with different distortions. Regulator can purify adversarial examples with low or moderate distortions, while Inspector is responsible for detecting these adversarial examples with high distortion by capturing the abnormal status of DL systems. Our evaluation using various attacks shows that, on average, CoopHance can successfully resist 90.62\% and 96.56\% of the adversarial examples that are generated for the unprotected systems on CIFAR-10 and SVHN datasets separately, which is 188.14\% more effective than five state-of-the-art enhancement techniques, including Feature Squeeze, LID, SOAP, Adversarial Training, and MagNet. Meanwhile, when attackers generate new adversarial examples on the enhanced systems, CoopHance can reject 78.06\% of attacks, which outperforms the best of five enhancement techniques by 82.71\% on average.",

keywords = "Deep Learning System, Robustness Enhancement",

author = "Quan Zhang and Yongqiang Tian and Yifeng Ding and Shanshan Li and Chengnian Sun and Yu Jiang and Jiaguang Sun",

note = "Publisher Copyright: {\textcopyright} 2023 ACM.; 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2023 ; Conference date: 17-07-2023 Through 21-07-2023",

year = "2023",

month = jul,

day = "12",

doi = "10.1145/3597926.3598093",

language = "English",

series = "ISSTA 2023 - Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis",

publisher = "Association for Computing Machinery, Inc",

pages = "753--765",

editor = "Rene Just and Gordon Fraser",

booktitle = "ISSTA 2023 - Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis",

}

Zhang, Q, Tian, Y, Ding, Y, Li, S, Sun, C, Jiang, Y & Sun, J 2023, CoopHance: Cooperative Enhancement for Robustness of Deep Learning Systems. in R Just & G Fraser (eds), ISSTA 2023 - Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis. ISSTA 2023 - Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis, Association for Computing Machinery, Inc, pp. 753-765, 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2023, Seattle, United States, 17/07/23. https://doi.org/10.1145/3597926.3598093

CoopHance: Cooperative Enhancement for Robustness of Deep Learning Systems. / Zhang, Quan; Tian, Yongqiang; Ding, Yifeng et al.
ISSTA 2023 - Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis. ed. / Rene Just; Gordon Fraser. Association for Computing Machinery, Inc, 2023. p. 753-765 (ISSTA 2023 - Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis).

Research output: Chapter in Book/Conference Proceeding/Report › Conference Paper published in a book › peer-review

TY - GEN

T1 - CoopHance

T2 - 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2023

AU - Zhang, Quan

AU - Tian, Yongqiang

AU - Ding, Yifeng

AU - Li, Shanshan

AU - Sun, Chengnian

AU - Jiang, Yu

AU - Sun, Jiaguang

PY - 2023/7/12

Y1 - 2023/7/12

N2 - Adversarial attacks have been a threat to Deep Learning (DL) systems to be reckoned with. By adding human-imperceptible perturbation to benign inputs, adversarial attacks can cause the incorrect behavior of DL systems. Considering the popularity of DL systems in the industry, it is critical and urgent for developers to enhance the robustness of DL systems against adversarial attacks. In this study, we propose a novel enhancement technique for DL systems, namely CoopHance. CoopHance leverages two specifically customized components, Regulator and Inspector, to cooperatively enhance the DL systems' robustness against adversarial examples with different distortions. Regulator can purify adversarial examples with low or moderate distortions, while Inspector is responsible for detecting these adversarial examples with high distortion by capturing the abnormal status of DL systems. Our evaluation using various attacks shows that, on average, CoopHance can successfully resist 90.62% and 96.56% of the adversarial examples that are generated for the unprotected systems on CIFAR-10 and SVHN datasets separately, which is 188.14% more effective than five state-of-the-art enhancement techniques, including Feature Squeeze, LID, SOAP, Adversarial Training, and MagNet. Meanwhile, when attackers generate new adversarial examples on the enhanced systems, CoopHance can reject 78.06% of attacks, which outperforms the best of five enhancement techniques by 82.71% on average.

AB - Adversarial attacks have been a threat to Deep Learning (DL) systems to be reckoned with. By adding human-imperceptible perturbation to benign inputs, adversarial attacks can cause the incorrect behavior of DL systems. Considering the popularity of DL systems in the industry, it is critical and urgent for developers to enhance the robustness of DL systems against adversarial attacks. In this study, we propose a novel enhancement technique for DL systems, namely CoopHance. CoopHance leverages two specifically customized components, Regulator and Inspector, to cooperatively enhance the DL systems' robustness against adversarial examples with different distortions. Regulator can purify adversarial examples with low or moderate distortions, while Inspector is responsible for detecting these adversarial examples with high distortion by capturing the abnormal status of DL systems. Our evaluation using various attacks shows that, on average, CoopHance can successfully resist 90.62% and 96.56% of the adversarial examples that are generated for the unprotected systems on CIFAR-10 and SVHN datasets separately, which is 188.14% more effective than five state-of-the-art enhancement techniques, including Feature Squeeze, LID, SOAP, Adversarial Training, and MagNet. Meanwhile, when attackers generate new adversarial examples on the enhanced systems, CoopHance can reject 78.06% of attacks, which outperforms the best of five enhancement techniques by 82.71% on average.

KW - Deep Learning System

KW - Robustness Enhancement

UR - https://www.webofscience.com/wos/woscc/full-record/WOS:001122661400061

UR - https://openalex.org/W4384155496

UR - https://www.scopus.com/pages/publications/85167738763

U2 - 10.1145/3597926.3598093

DO - 10.1145/3597926.3598093

M3 - Conference Paper published in a book

T3 - ISSTA 2023 - Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis

SP - 753

EP - 765

BT - ISSTA 2023 - Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis

A2 - Just, Rene

A2 - Fraser, Gordon

PB - Association for Computing Machinery, Inc

Y2 - 17 July 2023 through 21 July 2023

ER -

Zhang Q, Tian Y, Ding Y, Li S, Sun C, Jiang Y et al. CoopHance: Cooperative Enhancement for Robustness of Deep Learning Systems. In Just R, Fraser G, editors, ISSTA 2023 - Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis. Association for Computing Machinery, Inc. 2023. p. 753-765. (ISSTA 2023 - Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis). doi: 10.1145/3597926.3598093

CoopHance: Cooperative Enhancement for Robustness of Deep Learning Systems

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this