Deep Fusion: Crafting Transferable Adversarial Examples and Improving Robustness of Industrial Artificial Intelligence of Things

Yajie Wang, Yu an Tan, Thar Baker, Neeraj Kumar, Quanxin Zhang

Research output: Contribution to journalArticlepeer-review


Industry 5.0 is aimed at merging the cognitive computing capabilities of Deep neural networks (DNNs) with human resourcefulness in collaborative operations. DNNs have been widely used in Industrial Artificial Intelligence of Things (Industrial AIoT) systems. However, DNNs are vulnerable to adversarial attacks, which bring a considerable risk to Industrial Artificial Intelligence of Things systems. The adversary uses adversarial examples crafted on the local ensemble model to attack black-box target of Industrial Artificial Intelligence of Things systems, resulting in catastrophic consequences. It is essential to study ensemble adversarial attack and defense strategies in black-box scenarios. Nevertheless, current ensemble attacks' performance is limited by the diversity of local models and ensemble strategies, and defensive strategies are inefficient. To solve these problems, we propose two novel Deep Fusion methods from both an attacker's and a defender's perspective. For initiating attacks, we propose Deep Fusion Attack. The erosion models are applied to compensate for local models' insufficiency in diversity. We fuse erosion models in the output space and the feature space simultaneously and continuously accumulate historical gradients to retain adversarial information, thereby improving transferability. Extensive experimental results show that our approach achieves superior performance in black-box attacks than state-of-the-art ensemble attacks. The average success rate of our targeted black-box attack reaches a compelling 87.4%. For constructing defenses, we propose Deep Fusion Defense, using a fusion of multiple predictions with erosion models as a novel approach.

Original languageEnglish
Number of pages1
JournalIEEE Transactions on Industrial Informatics
Publication statusPublished - 22 Apr 2022


  • Adversarial examples
  • Adversarial robustness
  • Computational modeling
  • Deep neural networks
  • Fuses
  • Industrial AIoT
  • Industries
  • Industry 50
  • Informatics
  • Perturbation methods
  • Predictive models
  • Robustness

Cite this