This is an early access version, the complete PDF, HTML, and XML versions will be available soon.
Open AccessArticle
SSIM-Based Autoencoder Modeling to Defeat Adversarial Patch Attacks
by
Seungyeol Lee
Seungyeol Lee
Seungyeol Lee received a BS degree in the Division of Computer Engineering from Hoseo University, of [...]
Seungyeol Lee received a BS degree in the Division of Computer Engineering from Hoseo University, Rep. of Korea, in 2024. He is currently taking a master's course in information security at Hoseo University. His research interests include automobile security, cryptography, machine learning, and AI security.
1,
Seongwoo Hong
Seongwoo Hong
Seongwoo Hong received a BS degree in the Division of Computer Engineering from Hoseo University, of [...]
Seongwoo Hong received a BS degree in the Division of Computer Engineering from Hoseo University, Rep. of Korea, in 2023. He is currently taking a master's course in information security at Hoseo University. His research interests include side-channel analysis, fault injection, hardware security, and AI security.
1,
Gwangyeol Kim
Gwangyeol Kim
Gwangyeol Kim received a BS degree in computer science and statistics from Seoul National Rep. of in [...]
Gwangyeol Kim received a BS degree in computer science and statistics from Seoul National University, Rep. of Korea, in 1989. He is currently serving as CTO in SINSIWAY Co., Seoul, Rep. of Korea, developing database access control and encryption solutions since 2006. He worked as a database consultant at Oracle Korea until 1998 and worked as a developer at Hyundai Electronics S/W Lab, Seoul, Rep. of Korea, until 1995 from 1989. His research interests include database security, big data analysis, and AI security.
2 and
Jaecheol Ha
Jaecheol Ha
Jaecheol Ha received the BE, ME, and Ph.D. in electronics engineering from Kyungpook National Rep. a [...]
Jaecheol Ha received the BE, ME, and Ph.D. in electronics engineering from Kyungpook National University, Rep. of Korea, in 1989, 1993, and 1998, respectively. He is currently a full professor in the division of computer engineering at Hoseo University, Asan, Rep. of Korea. From 1998 to 2006, he also worked as a professor in the Department of Information and Communication at Korea Nazarene University, Cheonan, Korea. In 2014, he was a visiting researcher at Purdue University, USA. He is working as a president of the Korea Institute of Information and Cryptography (KIISC). His research interests include AI security, mobile network security, hardware security, and side-channel attacks.
1,*
1
Department of Information Security, Hoseo University, Asan 31499, ChungNam-do, Republic of Korea
2
Sinsiway Inc., Songpa-gu, Seoul 05836, Republic of Korea
*
Author to whom correspondence should be addressed.
Sensors 2024, 24(19), 6461; https://doi.org/10.3390/s24196461 (registering DOI)
Submission received: 26 July 2024
/
Revised: 31 August 2024
/
Accepted: 4 October 2024
/
Published: 6 October 2024
Abstract
Object detection systems are used in various fields such as autonomous vehicles and facial recognition. In particular, object detection using deep learning networks enables real-time processing in low-performance edge devices and can maintain high detection rates. However, edge devices that operate far from administrators are vulnerable to various physical attacks by malicious adversaries. In this paper, we implement a function for detecting traffic signs by using You Only Look Once (YOLO) as well as Faster-RCNN, which can be adopted by edge devices of autonomous vehicles. Then, assuming the role of a malicious attacker, we executed adversarial patch attacks with Adv-Patch and Dpatch. Trying to cause misdetection of traffic stop signs by using Adv-Patch and Dpatch, we confirmed the attacks can succeed with a high probability. To defeat these attacks, we propose an image reconstruction method using an autoencoder and the Structural Similarity Index Measure (SSIM). We confirm that the proposed method can sufficiently defend against an attack, attaining a mean Average Precision (mAP) of 91.46% even when two adversarial attacks are launched.
Share and Cite
MDPI and ACS Style
Lee, S.; Hong, S.; Kim, G.; Ha, J.
SSIM-Based Autoencoder Modeling to Defeat Adversarial Patch Attacks. Sensors 2024, 24, 6461.
https://doi.org/10.3390/s24196461
AMA Style
Lee S, Hong S, Kim G, Ha J.
SSIM-Based Autoencoder Modeling to Defeat Adversarial Patch Attacks. Sensors. 2024; 24(19):6461.
https://doi.org/10.3390/s24196461
Chicago/Turabian Style
Lee, Seungyeol, Seongwoo Hong, Gwangyeol Kim, and Jaecheol Ha.
2024. "SSIM-Based Autoencoder Modeling to Defeat Adversarial Patch Attacks" Sensors 24, no. 19: 6461.
https://doi.org/10.3390/s24196461
Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details
here.
Article Metrics
Article Access Statistics
For more information on the journal statistics, click
here.
Multiple requests from the same IP address are counted as one view.