{ "id": "1905.13284", "version": "v1", "published": "2019-05-30T20:08:35.000Z", "updated": "2019-05-30T20:08:35.000Z", "title": "Identifying Classes Susceptible to Adversarial Attacks", "authors": [ "Rangeet Pan", "Md Johirul Islam", "Shibbir Ahmed", "Hridesh Rajan" ], "categories": [ "cs.LG", "cs.CR", "stat.ML" ], "abstract": "Despite numerous attempts to defend deep learning based image classifiers, they remain susceptible to adversarial attacks. This paper proposes a technique to identify susceptible classes, i.e., those classes that are more easily subverted. To identify the susceptible classes, we use distance-based measures and apply them to a trained model. Based on the distance among original classes, we create a mapping between original classes and adversarial classes that helps to significantly reduce the randomness of a model in an adversarial setting. We analyze the high-dimensional geometry among the feature classes and identify the k most susceptible target classes in an adversarial attack. We conduct experiments using the MNIST, Fashion MNIST, and CIFAR-10 (ImageNet and ResNet-32) datasets. Finally, we evaluate our techniques to determine which distance-based measure works best and how the randomness of a model changes with perturbation.", "revisions": [ { "version": "v1", "updated": "2019-05-30T20:08:35.000Z" } ], "analyses": { "keywords": [ "adversarial attack", "identifying classes susceptible", "original classes", "distance-based measure works best", "susceptible classes" ], "note": { "typesetting": "TeX", "pages": 0, "language": "en", "license": "arXiv", "status": "editable" } } }