Impact of Model Architecture Against Adversarial Example's Effectivity
DOI:
https://doi.org/10.47611/jsrhs.v10i2.1612Keywords:
Machine Learning, Keras, Adversarial Examples, Donkeycar, Model ArchitectureAbstract
The purpose of this study is to gain an understanding of the impact of model architecture on the efficacy of adversarial examples against machine learning systems implemented in self-driving applications. Prior research shows how to create and train against adversarial examples in many use cases; however, there is no definite understanding of how a machine learning model’s architecture affects the efficacy of adversarial examples. Data was collected through an experimental setting involving end-to-end self-driving models trained through behavioral cloning. Three model types were tested based on popular frameworks for machine learning algorithms dealing with images. Results showed a statistically significant difference in the impact of adversarial examples between these models. This means that certain model types and architectures are more susceptible to attacks. Therefore, the conclusion can be made that model architecture does impact the efficacy of adversarial examples; however, this is potentially limited to closed-loop, end-to-end systems in which algorithms make the entire decision. Future research should investigate what specific structure within models causes increased susceptibility to adversarial attacks.
Downloads
References or Bibliography
K. Hao, “What is machine learning?,” MIT Technology Review, Nov. 17, 2018. https://www.technologyreview.com/2018/11/17/103781/what-is-machine-learning-we-drew-you-another-flowchart/ (accessed Sep. 08, 2020).
K. He, X. Zhang, S. Ren, and J. Sun, “Deep Residual Learning for Image Recognition,” 2016, pp. 770–778. Accessed: Mar. 04, 2021. [Online]. Available: https://openaccess.thecvf.com/content_cvpr_2016/html/He_Deep_Residual_Learning_CVPR_2016_paper.html
M. Bojarski et al., “End to End Learning for Self-Driving Cars,” ArXiv160407316 Cs, Apr. 2016, Accessed: Sep. 11, 2020. [Online]. Available: http://arxiv.org/abs/1604.07316
N. Papernot, P. McDaniel, S. Jha, M. Fredrikson, Z. B. Celik, and A. Swami, “The Limitations of Deep Learning in Adversarial Settings,” in 2016 IEEE European Symposium on Security and Privacy (EuroS P), Mar. 2016, pp. 372–387. doi: 10.1109/EuroSP.2016.36.
C. Szegedy et al., “Intriguing properties of neural networks,” ArXiv13126199 Cs, Feb. 2014, Accessed: Sep. 28, 2020. [Online]. Available: http://arxiv.org/abs/1312.6199
T. Kanade, C. Thorpe, and W. Whittaker, “Autonomous land vehicle project at CMU,” in Proceedings of the 1986 ACM fourteenth annual conference on Computer science - CSC ’86, Cincinnati, Ohio, United States, 1986, pp. 71–80. doi: 10.1145/324634.325197.
T.-D. Do, M.-T. Duong, Q.-V. Dang, and M.-H. Le, “Real-Time Self-Driving Car Navigation Using Deep Neural Network,” in 2018 4th International Conference on Green Technology and Sustainable Development (GTSD), Nov. 2018, pp. 7–12. doi: 10.1109/GTSD.2018.8595590.
PyTorch, PyTorch at Tesla - Andrej Karpathy, Tesla, (Nov. 06, 2019). Accessed: Mar. 26, 2021. [Online Video]. Available: https://www.youtube.com/watch?v=oBklltKXtDE
B. Biggio and F. Roli, “Wild patterns: Ten years after the rise of adversarial machine learning,” Pattern Recognit., vol. 84, pp. 317–331, Dec. 2018, doi: 10.1016/j.patcog.2018.07.023.
“Donkey® Car,” Donkey® Car. https://www.donkeycar.com/ (accessed Mar. 04, 2021).
A. Boloor, X. He, C. Gill, Y. Vorobeychik, and X. Zhang, “Simple Physical Adversarial Examples against End-to-End Autonomous Driving Models,” in 2019 IEEE International Conference on Embedded Software and Systems (ICESS), Jun. 2019, pp. 1–7. doi: 10.1109/ICESS.2019.8782514.
N. Patel, P. Krishnamurthy, S. Garg, and F. Khorrami, “Adaptive Adversarial Videos on Roadside Billboards: Dynamically Modifying Trajectories of Autonomous Vehicles,” in 2019 IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS), Nov. 2019, pp. 5916–5921. doi: 10.1109/IROS40897.2019.8968267.
K. Simonyan and A. Zisserman, “Very Deep Convolutional Networks for Large-Scale Image Recognition,” ArXiv14091556 Cs, Apr. 2015, Accessed: Mar. 04, 2021. [Online]. Available: http://arxiv.org/abs/1409.1556
S. Kundu, S. Prakash, H. Akrami, P. A. Beerel, and K. M. Chugg, “A Pre-defined Sparse Kernel Based Convolution for Deep CNNs,” ArXiv191000724 Cs, Oct. 2019, Accessed: Mar. 16, 2021. [Online]. Available: http://arxiv.org/abs/1910.00724
J. Jung, “Autonomous R/C Car Behavioral Cloning Optimization”, [Online]. Available: http://cs229.stanford.edu/proj2018/report/51.pdf
M. Uřičář, P. Křížek, D. Hurych, I. Sobh, S. Yogamani, and P. Denny, “Yes, we GAN: Applying adversarial techniques for autonomous driving,” Electron. Imaging, vol. 2019, no. 15, pp. 48-1-48–17, Jan. 2019, doi: 10.2352/ISSN.2470-1173.2019.15.AVM-048.
I. J. Goodfellow, J. Shlens, and C. Szegedy, “Explaining and Harnessing Adversarial Examples,” ArXiv14126572 Cs Stat, Mar. 2015, Accessed: Oct. 27, 2020. [Online]. Available: http://arxiv.org/abs/1412.6572
B. Schneier, “Attacking Machine Learning Systems,” Computer, vol. 53, no. 05, pp. 78–80, May 2020, doi: 10.1109/MC.2020.2980761.
Published
How to Cite
Issue
Section
Copyright (c) 2021 Vihan Karnala; Dr. Marianne Campbell
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Copyright holder(s) granted JSR a perpetual, non-exclusive license to distriute & display this article.
