원문정보
초록
영어
The purpose of this study is to compare and analyze BadNet, Blended, WaNet, FIBA, SIG,CLBA, Label Consistent attack models in terms of their variations in visual recognition, their prediction reliability, and their attack success rate, and to consider the impact of attack models on AI image recognition. In this study, eight representative backdoor attack models were selected, and Confidence, PSNR, SSIM, L1, L2, and L∞ were selected as performance metrics to evaluate the attack performance. The results show that BadNet, Label Consistent, and CLIBA attacks are the most natural attacks in terms of SSIM and PSNR; SIG, CLBA, and Adaptive SIG are attacks that succeed in changing targets with high prediction reliability in terms of Confidence; and FIBA and WaNet are models that are easy to detect with large variations in terms of L1/L2. In this study, we confirmed through experiments that stealth-based attacks such as CLBA, Label Consistent, and Adaptive SIG are attacks that can pose a real threat.
목차
1. Introduction
2. Related Research
3. AI Image Adversarial Attack Model
4. Experiments and Results of BWSL Attack Models
4.1 Adversarial Attack Models of BadNet, WaNet, SIG, Label Consistent Image Recognition
4.2 Test & Evaluation for Adversarial attack models for BWSL
5. Conclusions
Acknowledgement
References