TY - JOUR
T1 - Deep Fusion
T2 - Crafting Transferable Adversarial Examples and Improving Robustness of Industrial Artificial Intelligence of Things
AU - Wang, Yajie
AU - Tan, Yu-an
AU - Baker, Thar
AU - Kumar, Neeraj
AU - Zhang, Quanxin
PY - 2022/4/22
Y1 - 2022/4/22
N2 - Industry 5.0 aims to merge the cognitive computing capabilities of deep neural networks (DNNs) with human resourcefulness in collaborative operations. DNNs have been widely used in Industrial Artificial Intelligence of Things (Industrial AIoT) systems. However, DNNs are vulnerable to adversarial attacks, which pose a considerable risk to Industrial AIoT systems. An adversary uses adversarial examples crafted on a local ensemble model to attack black-box targets in Industrial AIoT systems, resulting in catastrophic consequences. It is therefore essential to study ensemble adversarial attack and defense strategies in black-box scenarios. Nevertheless, the performance of current ensemble attacks is limited by the diversity of local models and ensemble strategies, and defensive strategies are inefficient. To solve these problems, we propose two novel Deep Fusion methods, one from an attacker's perspective and one from a defender's. For initiating attacks, we propose Deep Fusion Attack. Erosion models are applied to compensate for the local models' insufficient diversity. We fuse erosion models in the output space and the feature space simultaneously and continuously accumulate historical gradients to retain adversarial information, thereby improving transferability. Extensive experimental results show that our approach achieves better performance in black-box attacks than state-of-the-art ensemble attacks. The average success rate of our targeted black-box attack reaches a compelling 87.4%. For constructing defenses, we propose Deep Fusion Defense, a novel approach that fuses multiple predictions with erosion models.
KW - Adversarial examples
KW - Adversarial robustness
KW - Computational modeling
KW - Deep neural networks
KW - Fuses
KW - Industrial AIoT
KW - Industries
KW - Industry 5.0
KW - Informatics
KW - Perturbation methods
KW - Predictive models
KW - Robustness
UR - http://www.scopus.com/inward/record.url?scp=85128675343&partnerID=8YFLogxK
U2 - 10.1109/TII.2022.3168874
DO - 10.1109/TII.2022.3168874
M3 - Article
AN - SCOPUS:85128675343
SN - 1551-3203
JO - IEEE Transactions on Industrial Informatics
JF - IEEE Transactions on Industrial Informatics
ER -