• Login
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    Browse

    All of DSpaceCommunities & CollectionsBy Issue DateAuthorsTitlesSubjectsThis CollectionBy Issue DateAuthorsTitlesSubjects

    My Account

    LoginRegister

    Statistics

    View Usage StatisticsView Google Analytics Statistics

    Adversarial Defense Using Partial Pseudorandom Encryption

    Thumbnail
    View/Open
    201911015_MTech_Thesis_final - Dean Research.pdf (1.468Mb)
    Date
    2021
    Author
    Kalgutkar, Amruta
    Metadata
    Show full item record
    Abstract
    Machine Learning models like Deep neural networks are vulnerable to adversarial attacks. Carefully crafted adversarial examples force a learned classifier to misclassify the input which can be correctly classified by a human observer. In this thesis, we present a novel approach for defense against such Adversarial attacks. We train and test the model on transformed images in black-box and gray-box scenarios. Here, we propose a transformation technique that partially encrypts every image before training and testing using the Rivest–Shamir–Adleman (RSA) , an asymmetric-key encryption algorithm for visual encryption. The internal structure of the system and the keys generated by RSA are secret. We encrypt only those pixels which are generated by a pseudorandom number generator with a pre-decided secret seed. The images encrypted with such transformation are extremely difficult to decrypt and to launch adaptive adversarial attacks or transferability attacks which makes this visual defense technique against adversarial attack robust. As the field of Adversarial machine learning (AML) is still under study, researchers have not attempted such an approach of training the model on encrypted images for robust learning. State-of-the-art defense techniques are effective but they are computationally expensive and still will not guarantee total security. This idea of partial encryption maintains features and asymmetric key encryption makes it difficult for adversary to guess encryption parameters. This makes the technique novel and hence out-performs state-of-the-art defense techniques.
    URI
    http://drsr.daiict.ac.in//handle/123456789/1007
    Collections
    • M Tech Dissertations [923]

    Resource Centre copyright © 2006-2017 
    Contact Us | Send Feedback
    Theme by 
    Atmire NV
     

     


    Resource Centre copyright © 2006-2017 
    Contact Us | Send Feedback
    Theme by 
    Atmire NV