Adversarial detection based on feature invariant in license plate recognition systems
Deep neural networks have become an integral part of people's daily lives. However, researchers observed that these networks were susceptible to threats from adversarial samples, leading to abnormal behaviors such as misclassification by the network model. The presence of adversarial samples po...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
POSTS&TELECOM PRESS Co., LTD
2024-12-01
|
| Series: | 网络与信息安全学报 |
| Subjects: | |
| Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2024080 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1823864957432758272 |
|---|---|
| author | ZHU Xiaoyu TANG Peng ZHANG Haochen QIU Weidong HUANG Zheng |
| author_facet | ZHU Xiaoyu TANG Peng ZHANG Haochen QIU Weidong HUANG Zheng |
| author_sort | ZHU Xiaoyu |
| collection | DOAJ |
| description | Deep neural networks have become an integral part of people's daily lives. However, researchers observed that these networks were susceptible to threats from adversarial samples, leading to abnormal behaviors such as misclassification by the network model. The presence of adversarial samples poses a significant threat to the application of deep neural networks, especially in security-sensitive scenarios like license plate recognition systems. Presently, most existing defense and detection technologies against adversarial samples show promising results for specific types of adversarial attacks. However, they often lack generality in addressing all types of adversarial attacks. In response to adversarial sample attacks on real-world license plate recognition systems, an unsupervised adversarial sample detection system named FIAD was proposed, which was based on analyzing the inherent variations in neural networks trained on clean samples and the dimensional complexity between clean samples. FIAD utilized neural network invariants and local intrinsic dimensionality invariants for effective sample detection. The detection system was deployed into widely used open-source license plate recognition systems, HyperLPR and EasyPR, and extensive experiments were conducted using the real dataset CCPD. The results from experiments involving 11 different types of attacks indicate that, compared to 4 other advanced detection methods, FIAD can effectively detect all these attacks at a lower false positive rate, with an accuracy consistently reaching 99%. Therefore, FIAD exhibits good generality against various types of adversarial attacks. |
| format | Article |
| id | doaj-art-fd30520849e14461b4925fe931bd3b98 |
| institution | Kabale University |
| issn | 2096-109X |
| language | English |
| publishDate | 2024-12-01 |
| publisher | POSTS&TELECOM PRESS Co., LTD |
| record_format | Article |
| series | 网络与信息安全学报 |
| spelling | doaj-art-fd30520849e14461b4925fe931bd3b982025-02-08T19:00:09ZengPOSTS&TELECOM PRESS Co., LTD网络与信息安全学报2096-109X2024-12-0110597080361645Adversarial detection based on feature invariant in license plate recognition systemsZHU XiaoyuTANG PengZHANG HaochenQIU WeidongHUANG ZhengDeep neural networks have become an integral part of people's daily lives. However, researchers observed that these networks were susceptible to threats from adversarial samples, leading to abnormal behaviors such as misclassification by the network model. The presence of adversarial samples poses a significant threat to the application of deep neural networks, especially in security-sensitive scenarios like license plate recognition systems. Presently, most existing defense and detection technologies against adversarial samples show promising results for specific types of adversarial attacks. However, they often lack generality in addressing all types of adversarial attacks. In response to adversarial sample attacks on real-world license plate recognition systems, an unsupervised adversarial sample detection system named FIAD was proposed, which was based on analyzing the inherent variations in neural networks trained on clean samples and the dimensional complexity between clean samples. FIAD utilized neural network invariants and local intrinsic dimensionality invariants for effective sample detection. The detection system was deployed into widely used open-source license plate recognition systems, HyperLPR and EasyPR, and extensive experiments were conducted using the real dataset CCPD. The results from experiments involving 11 different types of attacks indicate that, compared to 4 other advanced detection methods, FIAD can effectively detect all these attacks at a lower false positive rate, with an accuracy consistently reaching 99%. Therefore, FIAD exhibits good generality against various types of adversarial attacks.http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2024080deep neural networkadversarial sample detectionlicense plate recognitionfeature invariants |
| spellingShingle | ZHU Xiaoyu TANG Peng ZHANG Haochen QIU Weidong HUANG Zheng Adversarial detection based on feature invariant in license plate recognition systems 网络与信息安全学报 deep neural network adversarial sample detection license plate recognition feature invariants |
| title | Adversarial detection based on feature invariant in license plate recognition systems |
| title_full | Adversarial detection based on feature invariant in license plate recognition systems |
| title_fullStr | Adversarial detection based on feature invariant in license plate recognition systems |
| title_full_unstemmed | Adversarial detection based on feature invariant in license plate recognition systems |
| title_short | Adversarial detection based on feature invariant in license plate recognition systems |
| title_sort | adversarial detection based on feature invariant in license plate recognition systems |
| topic | deep neural network adversarial sample detection license plate recognition feature invariants |
| url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2024080 |
| work_keys_str_mv | AT zhuxiaoyu adversarialdetectionbasedonfeatureinvariantinlicenseplaterecognitionsystems AT tangpeng adversarialdetectionbasedonfeatureinvariantinlicenseplaterecognitionsystems AT zhanghaochen adversarialdetectionbasedonfeatureinvariantinlicenseplaterecognitionsystems AT qiuweidong adversarialdetectionbasedonfeatureinvariantinlicenseplaterecognitionsystems AT huangzheng adversarialdetectionbasedonfeatureinvariantinlicenseplaterecognitionsystems |