Affordable Access

Access to the full text

Defense against adversarial attacks in traffic sign images identification based on 5G

Authors
  • Wu, Fei1
  • Xiao, Limin1
  • Yang, Wenxue1
  • Zhu, Jinbin1
  • 1 Beihang University, Beijing, 100191, China , Beijing (China)
Type
Published Article
Journal
EURASIP Journal on Wireless Communications and Networking
Publisher
Springer International Publishing
Publication Date
Sep 09, 2020
Volume
2020
Issue
1
Identifiers
DOI: 10.1186/s13638-020-01775-5
Source
Springer Nature
Keywords
License
Green

Abstract

In the past decade, artificial intelligence and Internet of things (IoT) technology have been rapid development, gradually began to integrate with each other, especially in coming 5G era. Admittedly, image recognition is the key technology due to a huge number of video cameras integrated in intelligent IoT equipment, such as driverless cars. However, the rapidly growing body of research in adversarial machine learning has demonstrated that the deep learning architectures are vulnerable to adversarial examples. Thus, the raises questions about the security of intelligent Internet of thing (IoT) and trust sensitive areas. This emphasizes the urgent need for practical defense technology that can be deployed to real-time combat attacks at any time. Well-crafted small perturbations lead to the misclassification of legitimate images by neural networks, but not the human visual system. It is worth noting that many attack strategies are designed to disrupt image pixels in a visually imperceptible manner. Therefore, we propose a new defense method and take full advantage of 5G high-speed bandwidth and mobile edge computing (MEC) effectively. We use singular value decomposition (SVD) which is the optimal approximation of matrix in the sense of square loss to eliminate the perturbation. We have conducted extensive and large-scale experiments with German Traffic Sign Recognition Benchmark (GTSRB) datasets and the results show that adversarial attacks, such as Carlini-Wagner’s l2, Deepfool, and I-FSGM, can be better eliminated by the method and provide lower latency.

Report this publication

Statistics

Seen <100 times