Kryptonite: An Adversarial Attack Using Regional Focus
This work addresses security risks for applications that use deep neural networks in fields like medical diagnosis and security systems, but it is incremental, as it builds on existing adversarial attack techniques.
The paper tackles the vulnerability of deep learning systems to adversarial attacks by proposing 'Kryptonite', an attack that adds imperceptible perturbations to images based on extracted Regions of Interest, resulting in a maximum drop in network accuracy with minimal perturbation and less time per sample compared to state-of-the-art methods.
With the rise of adversarial machine learning and increasingly robust adversarial attacks, the security of applications that rely on machine learning has been called into question. Over the past few years, applications of deep learning using Deep Neural Networks (DNNs) in several fields, including medical diagnosis, security systems, and virtual assistants, have become extremely commonplace, and hence more exposed and susceptible to attack. In this paper, we present a novel study analyzing the weaknesses in the security of deep learning systems. We propose 'Kryptonite', an adversarial attack on images. We explicitly extract the Region of Interest (RoI) for the images and use it to add imperceptible adversarial perturbations to images to fool the DNN. We test our attack on several DNNs and compare our results with state-of-the-art adversarial attacks like Fast Gradient Sign Method (FGSM), DeepFool (DF), Momentum Iterative Fast Gradient Sign Method (MIFGSM), and Projected Gradient Descent (PGD). Our results show a maximum drop in network accuracy while yielding the minimum possible perturbation, in considerably less time per sample. We thoroughly evaluate our attack against three adversarial defence techniques, and the promising results showcase the efficacy of our attack.