{"id":3309,"date":"2022-06-01T06:00:00","date_gmt":"2022-06-01T11:00:00","guid":{"rendered":"https:\/\/baylor.ai\/?p=3309"},"modified":"2023-11-08T12:40:48","modified_gmt":"2023-11-08T18:40:48","slug":"sicem-a-sensitivity-inspired-constrained-evaluation-method-for-adversarial-attacks-on-classifiers-with-occluded-input-data","status":"publish","type":"post","link":"https:\/\/lab.rivas.ai\/?p=3309","title":{"rendered":"SICEM: A Sensitivity-Inspired Constrained Evaluation Method for Adversarial Attacks on Classifiers with Occluded Input Data"},"content":{"rendered":"\n

In the rapidly evolving field of artificial intelligence, understanding the sensitivity of models to adversarial attacks is crucial. In our recent paper, Korn Sooksatra introduces the Sensitivity-inspired constrained evaluation method (SICEM) to address this concern.<\/p>\n\n\n\n

\n

<\/p>\nSooksatra, K., Rivas, P. Evaluation of adversarial attacks sensitivity of classifiers with occluded input data.\u00a0Neural Comput & Applic<\/em>\u00a034<\/strong>, 17615\u201317632 (2022). https:\/\/doi.org\/10.1007\/s00521-022-07387-y<\/a><\/cite><\/blockquote>\n\n\n\n

Understanding SICEM<\/h3>\n\n\n\n\n

Our proposed method, SICEM, evaluates the vulnerability of an incomplete input against an adversarial attack in comparison to a complete one. This is achieved by leveraging the Jacobian matrix concept. The sensitivity of the target classifier’s output to each attribute of the input is calculated, providing a comprehensive understanding of how changes in the input can affect the output.<\/p>\n\n

  <\/span>   <\/span>\"\[ s(x,y)_i = \left|\min \left(0, \frac{\partial Z(x)_y}{\partial x_i} \cdot \left(\sum_{y^{'} \neq y} \frac{\partial Z(x)_{y^{'}}}{\partial x_i}\right) \cdot C(y, 1, 0)_i\right)\right| \]\"<\/p>\n\n

This sensitivity score gives us an insight into how much each attribute of the input contributes to the output’s sensitivity. The score is then used to estimate the overall sensitivity of the given input and its mask.<\/p>\n\n

  <\/span>   <\/span>\"\[ S(x, M)_y = \sum_{i=0}^{n-1} (s(x, y)_i \cdot M_i) \]\"<\/p>\n\n

For a complete input, the sensitivity ratio provides a comparative measure of how sensitive the classifier’s output is for an incomplete input versus a complete one.<\/p>\n\n\n\n

Results and Implications<\/h3>\n\n\n\n

Our focus was on an automobile image from the CIFAR-10 dataset. Interestingly, adversarial examples generated by FGSM and IGSM required the same value of \"\epsilon\", which was significantly lower than for other images. This can be attributed to the layer-wise linearity of the classifier. Larger inputs, like the automobile image, require a smaller \"\epsilon\" to create an adversarial example. However, JSMA required a higher \"\epsilon\" due to the metric of \"L_0\" norm.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n

Understanding the sensitivity of AI models is paramount in ensuring their robustness against adversarial attacks. The SICEM method provides a comprehensive tool to ensure safer and more reliable AI systems. Read the full paper here [\u00a0bib<\/a>\u00a0|\u00a0\u00a0.pdf<\/a>\u00a0].<\/p>\n","protected":false},"excerpt":{"rendered":"

Korn Sooksatra’s paper introduces the Sensitivity-inspired constrained evaluation method (SICEM), which evaluates the vulnerability of artificial intelligence models to adversarial attacks, promoting safer and more reliable AI systems.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":true,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[2],"class_list":["post-3309","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-adversarial-ml"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/lab.rivas.ai\/index.php?rest_route=\/wp\/v2\/posts\/3309","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lab.rivas.ai\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lab.rivas.ai\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lab.rivas.ai\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/lab.rivas.ai\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3309"}],"version-history":[{"count":9,"href":"https:\/\/lab.rivas.ai\/index.php?rest_route=\/wp\/v2\/posts\/3309\/revisions"}],"predecessor-version":[{"id":3358,"href":"https:\/\/lab.rivas.ai\/index.php?rest_route=\/wp\/v2\/posts\/3309\/revisions\/3358"}],"wp:attachment":[{"href":"https:\/\/lab.rivas.ai\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3309"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lab.rivas.ai\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3309"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lab.rivas.ai\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3309"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}