A Cascade Methodology to Evaluate Black-Box Recognition Systems Based on a Copycat Algorithm
Dinh Nguyen, Nhan Le, Van Mai, Tuong Quan Nguyen, Van Nguyen, The Nguyen
With the significant advancements of deep learning (DL) and convolutional neural networks (CNNs), many complex problems in the field of computer vision (CV) have been effectively solved with promising performance, even equivalent to human capabilities. Images perturbed in sophisticated ways in order to cause accurately trained deep learning systems to misclassify have emerged as a significant challenge and major concern in application domains requiring high reliability. These samples are referred to as adversarial examples. Many studies apply white-box attack methods to create these adversarial images. However, white-box attacks might be impractical in real-world applications. In this paper, a cascade methodology is deployed in which the Copycat algorithm is utilized to replicate the behavior of a black-box model (known as the original model) by using a substitute model. The substitute model is employed to generate white-box perturbations, which are then used to evaluate the black-box models. The experiments are conducted with benchmark datasets such as MNIST and CIFAR10 and with a facial recognition system as a real use-case. The results show impressive outcomes, as the majority of the adversarial samples generated can significantly reduce the overall accuracy and reliability of facial recognition systems by up to over 80%.
Paper Citation
in Harvard Style
Nguyen D., Le N., Mai V., Quan Nguyen T., Nguyen V. and Nguyen T. (2024). A Cascade Methodology to Evaluate Black-Box Recognition Systems Based on a Copycat Algorithm. In Proceedings of the 19th International Joint Conference on Computer Vision, Imaging and Computer Graphics Theory and Applications - Volume 2: VISAPP; ISBN 978-989-758-679-8, SciTePress, pages 662-670. DOI: 10.5220/0012402500003660
in Bibtex Style
author={Dinh Nguyen and Nhan Le and Van Mai and Tuong Quan Nguyen and Van Nguyen and The Nguyen},
title={A Cascade Methodology to Evaluate Black-Box Recognition Systems Based on a Copycat Algorithm},
booktitle={Proceedings of the 19th International Joint Conference on Computer Vision, Imaging and Computer Graphics Theory and Applications - Volume 2: VISAPP},
in EndNote Style
JO - Proceedings of the 19th International Joint Conference on Computer Vision, Imaging and Computer Graphics Theory and Applications - Volume 2: VISAPP
TI - A Cascade Methodology to Evaluate Black-Box Recognition Systems Based on a Copycat Algorithm
SN - 978-989-758-679-8
AU - Nguyen D.
AU - Le N.
AU - Mai V.
AU - Quan Nguyen T.
AU - Nguyen V.
AU - Nguyen T.
PY - 2024
SP - 662
EP - 670
DO - 10.5220/0012402500003660
PB - SciTePress