Show simple item record

dc.contributor.advisorJoshi, M. V.
dc.contributor.authorKalgutkar, Amruta
dc.date.available2023-02-24T16:35:21Z
dc.date.issued2021
dc.identifier.citationKalgutkar, Amruta (2021). Adversarial Defense Using Partial Pseudorandom Encryption. Dhirubhai Ambani Institute of Information and Communication Technology. viii, 29 p. (Acc.No: T00942)
dc.identifier.urihttp://drsr.daiict.ac.in//handle/123456789/1007
dc.description.abstractMachine Learning models like Deep neural networks are vulnerable to adversarial attacks. Carefully crafted adversarial examples force a learned classifier to misclassify the input which can be correctly classified by a human observer. In this thesis, we present a novel approach for defense against such Adversarial attacks. We train and test the model on transformed images in black-box and gray-box scenarios. Here, we propose a transformation technique that partially encrypts every image before training and testing using the Rivest–Shamir–Adleman (RSA) , an asymmetric-key encryption algorithm for visual encryption. The internal structure of the system and the keys generated by RSA are secret. We encrypt only those pixels which are generated by a pseudorandom number generator with a pre-decided secret seed. The images encrypted with such transformation are extremely difficult to decrypt and to launch adaptive adversarial attacks or transferability attacks which makes this visual defense technique against adversarial attack robust. As the field of Adversarial machine learning (AML) is still under study, researchers have not attempted such an approach of training the model on encrypted images for robust learning. State-of-the-art defense techniques are effective but they are computationally expensive and still will not guarantee total security. This idea of partial encryption maintains features and asymmetric key encryption makes it difficult for adversary to guess encryption parameters. This makes the technique novel and hence out-performs state-of-the-art defense techniques.
dc.subjectAdversarial defense
dc.subjectImage encryption
dc.subjectPseudorandom numbers
dc.subjectImage classification
dc.subjectCryptosystem
dc.classification.ddc005.82 KAL
dc.titleAdversarial Defense Using Partial Pseudorandom Encryption
dc.typeDissertation
dc.degreeM. Tech
dc.student.id201911015
dc.accession.numberT00942


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record