Integrated Defense Training Framework for Countering Gradient-Based Miniature Attacks on Deep Image Recognition Systems
© 2025 by IJETT Journal
Volume-73 Issue-6
Year of Publication : 2025
Author : Lavanya Sanapala, Lakshmeeswari Gondi
DOI : 10.14445/22315381/IJETT-V73I6P112
How to Cite?
Lavanya Sanapala, Lakshmeeswari Gondi, Sebastian Ramos-Cosi, "Integrated Defense Training Framework for Countering Gradient-Based Miniature Attacks on Deep Image Recognition Systems," International Journal of Engineering Trends and Technology, vol. 73, no. 6, pp. 123-148, 2025. Crossref, https://doi.org/10.14445/22315381/IJETT-V73I6P112
Abstract
Deep Learning Models (DLMs) have become indispensable in Deep Image Recognition Systems (DIRS) because they automatically extract intricate features and sustain high performance over time. Despite their effectiveness, DLMs are intrinsically susceptible to gradient-based attacks, in which an adversary subtly alters input data, guided by the model's gradients, so that the model produces an incorrect prediction. Adversarial Machine Learning (AML), which studies such attack strategies and develops countermeasures, has produced numerous techniques; however, advanced gradient-based attacks remain a persistent challenge, underscoring the need for more effective detection and mitigation strategies. This paper presents the Gradient-based Adversarial Miniature Attack (GMA), a gradient-based attack technique used to thoroughly assess the resilience of DIRS models against adversarial inputs. It then proposes the Model Integration Approach (MIA), a defense training approach that significantly improves DIRS resilience against GMA and other well-known attacks. In the experiments, MIA achieves 99.71% detection accuracy, indicating its potential as a strong countermeasure. This work lays a solid foundation for advancing defenses against sophisticated gradient-based adversarial attacks and for developing secure and reliable DIRS models.
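The abstract names two ideas without detail: a gradient-based perturbation that subtly alters inputs, and a defense training approach that makes the model resilient to it. The example below is added here to make both concrete on the smallest model where they can be reasoned about exactly; it is not the paper's GMA or MIA and not the authors' code. It trains a logistic-regression classifier two ways, on clean inputs and on gradient-sign-perturbed inputs (the FGSM step of Goodfellow et al., specialised to a linear model and used here only to evaluate robustness), then compares clean accuracy, accuracy under an L-infinity perturbation of budget EPS, and the exact certified margin y*w.x - EPS*||w||_1 that a linear model admits. The dataset is a constructed, deliberately symmetric toy set with one strongly predictive feature and twenty weakly predictive ones, so the effect of "defense training" is provable rather than measured; EPS, LR, STEPS and WEAK are assumed constants.

```python
import math

EPS = 0.5     # L-infinity perturbation budget used for both training and evaluation (assumed)
LR = 0.1      # gradient-descent learning rate (assumed)
STEPS = 1000  # training steps (assumed)
WEAK = 20     # number of weakly informative ("non-robust") features (assumed)


def make_data():
    """Constructed toy set: one strong feature (+-1.0) plus WEAK features that each
    lean only +-0.1 toward the label. Two antipodal points with labels +1 / -1."""
    x_pos = [1.0] + [0.1] * WEAK
    x_neg = [-v for v in x_pos]
    return [(x_pos, 1.0), (x_neg, -1.0)]


def dot(w, x):
    return sum(wi * xi for wi, xi in zip(w, x))


def sign(v):
    return (v > 0) - (v < 0)


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def gradient_sign_perturb(w, x, y, eps):
    """Worst-case L-infinity perturbation of a linear model's logit: every coordinate
    moves eps in the direction that lowers y * w.x. This is the gradient-sign step
    used to *evaluate* robustness; for a linear model it attains the exact worst case."""
    return [xi - eps * y * sign(wi) for xi, wi in zip(x, w)]


def train(data, adversarial, eps=EPS, lr=LR, steps=STEPS):
    """Bias-free logistic regression by full-batch gradient descent.
    adversarial=False: standard training on clean inputs.
    adversarial=True : each step trains on inputs perturbed against the current
                       model (adversarial training), the defense shown here."""
    d = len(data[0][0])
    w = [0.0] * d
    for _ in range(steps):
        grad = [0.0] * d
        for x, y in data:
            if adversarial:
                x = gradient_sign_perturb(w, x, y, eps)
            target = 1.0 if y > 0 else 0.0
            p = sigmoid(dot(w, x))
            for i in range(d):                   # d/dw of the mean logistic loss
                grad[i] += (p - target) * x[i] / len(data)
        w = [wi - lr * gi for wi, gi in zip(w, grad)]
    return w


def accuracy(w, data, eps=0.0):
    """Fraction of points classified correctly; with eps > 0 each point is first
    perturbed by the worst-case gradient-sign step of budget eps."""
    correct = 0
    for x, y in data:
        if eps > 0:
            x = gradient_sign_perturb(w, x, y, eps)
        correct += (y * dot(w, x)) > 0
    return correct / len(data)


def certified_margin(w, x, y, eps):
    """Exact worst-case margin of a linear model under an L-infinity budget eps:
    y*w.x - eps*||w||_1. Positive means no perturbation within eps flips the label."""
    return y * dot(w, x) - eps * sum(abs(wi) for wi in w)


def run_demo():
    """Train both models and return the numbers a robustness evaluation would report."""
    data = make_data()
    w_std = train(data, adversarial=False)
    w_adv = train(data, adversarial=True)
    x, y = data[0]
    return {
        "clean_acc_standard": accuracy(w_std, data),
        "clean_acc_adv_trained": accuracy(w_adv, data),
        "attacked_acc_standard": accuracy(w_std, data, eps=EPS),
        "attacked_acc_adv_trained": accuracy(w_adv, data, eps=EPS),
        "certified_margin_standard": certified_margin(w_std, x, y, EPS),
        "certified_margin_adv_trained": certified_margin(w_adv, x, y, EPS),
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k:30s} {v:.4f}")
```

The standard model spreads weight over the twenty weak features, so its clean accuracy is perfect but a perturbation of 0.5 per coordinate outweighs the margin they contribute and its certified margin is negative. Training on perturbed inputs drives the weak weights toward zero and concentrates on the strong feature, so the adversarially trained model keeps a positive certified margin at the same budget. The last check in the test confirms that, for a linear model, the empirical gradient-sign perturbation reaches exactly the certified bound, which is why this evaluation is a worst-case one and not merely a heuristic.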
Keywords
Computer vision, Security, Adversarial Machine Learning, Advanced threat detection, Robust Deep Neural Network.