Defending CNN Against FGSM Attacks Using Beta-Based Personalized Activation Functions and Adversarial Training

Hanen Issaoui; Asma Eladel; Ahmed Zouinkhi; Mourad Zaied; Lazhar Khriji; Sarvar Hussain Nengroo

doi:10.1109/ACCESS.2024.3432773

IEEE Access (Jan 2024)

Defending CNN Against FGSM Attacks Using Beta-Based Personalized Activation Functions and Adversarial Training

Hanen Issaoui,
Asma Eladel,
Ahmed Zouinkhi,
Mourad Zaied,
Lazhar Khriji,
Sarvar Hussain Nengroo

Affiliations

Hanen Issaoui: ORCiD; Research Team in Intelligent Machines (RTIM), University of Gabes, Gabes, Tunisia
Asma Eladel: Research Team in Intelligent Machines (RTIM), University of Gabes, Gabes, Tunisia
Ahmed Zouinkhi: ORCiD; MACS Laboratory LR 16ES22, National Engineering School of Gabes, University of Gabes, Gabes, Tunisia
Mourad Zaied: ORCiD; Research Team in Intelligent Machines (RTIM), University of Gabes, Gabes, Tunisia
Lazhar Khriji: ORCiD; Department of Electrical and Computer Engineering, College of Engineering, Sultan Qaboos University, Muscat, Oman
Sarvar Hussain Nengroo: ORCiD; Cho Chun Shik Graduate School of Mobility, Korea Advanced Institute of Science and Technology (KAIST), Yuseong-gu, Daejeon, South Korea

DOI: https://doi.org/10.1109/ACCESS.2024.3432773
Journal volume & issue: Vol. 12
pp. 138341 – 138350

Abstract

Read online

Machine learning algorithms based on deep neural networks have been widely used in many fields especially in computer vision, with impressive results. However, these models are vulnerable to different types of attacks like adversarial ones, which require attention to the model security and confidentiality. This study proposes a defense strategy to improve the insurance of white-box models while minimizing adversarial attacks against Fast Gradient Sign Method (FGSM)-based attacks and tackling the issue of adversarial training to improve their robustness. Mainly, we proposed a CNN model based on personalized activation functions using Beta function and its primitive. Then, the new resulted low degree polynomials are used to approximate the ReLU, Sigmoid and Tanh activation functions. Batch normalization was evoked to significantly improve the learning capacity of neural networks. The obtained results, using Mnist dataset prove the effectiveness of the proposed model.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords