• Proceedings of the Korea Information Processing Society Conference
• /
• 2022.11a
• /
• pp.724-726
• /
• 2022

딥페이크(deepfake)로 인한 디지털 범죄는 날로 교묘해지면서 사회적으로 큰 파장을 불러일으키고 있다. 이때, 딥러닝 기반 모델의 오류를 발생시키는 적대적 공격(adversarial attack)의 등장으로 딥페이크를 탐지하는 모델의 취약성이 증가하고 있고, 이는 매우 치명적인 결과를 초래한다. 본 연구에서는 2 가지 방법을 통해 적대적 공격에도 영향을 받지 않는 강인한(robust) 모델을 구축하는 것을 목표로 한다. 모델 강화 기법인 적대적 학습(adversarial training)과 영상처리 기반 방어 기법인 크기 변환(resizing), JPEG 압축을 통해 적대적 공격에 대한 강인성을 입증한다.

• Journal of Communications and Networks
• /
• v.15 no.2
• /
• pp.153-163
• /
• 2013

In recent years, more and more researches have been focusing on trust management of vehicle ad-hoc networks (VANETs) for improving the safety of vehicles. However, in these researches, little attention has been paid to the location privacy due to the natural conflict between trust and anonymity, which is the basic protection of privacy. Although traffic safety remains the most crucial issue in VANETs, location privacy can be just as important for drivers, and neither can be ignored. In this paper, we propose a beacon-based trust management system, called BTM, that aims to thwart internal attackers from sending false messages in privacy-enhanced VANETs. To evaluate the reliability and performance of the proposed system, we conducted a set of simulations under alteration attacks, bogus message attacks, and message suppression attacks. The simulation results show that the proposed system is highly resilient to adversarial attacks, whether it is under a fixed silent period or random silent period location privacy-enhancement scheme.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.1
• /
• pp.89-98
• /
• 2022

As deep learning technology was applied to various fields, research on adversarial attack techniques, a security problem of deep learning models, was actively studied. adversarial attacks have been mainly studied in the field of images. Recently, they have even developed a complete decision-based attack technique that can attack with just the classification results of the model. However, in the case of the audio field, research is relatively slow. In this paper, we applied several decision-based attack techniques to the audio field and improved state-of-the-art attack techniques. State-of-the-art decision-attack techniques have the disadvantage of requiring many queries for gradient approximation. In this paper, we improve query efficiency by proposing a method of reducing the vector search space required for gradient approximation. Experimental results showed that the attack success rate was increased by 50%, and the difference between original audio and adversarial examples was reduced by 75%, proving that our method could generate adversarial examples with smaller noise.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.17 no.2
• /
• pp.113-120
• /
• 2024

The population sparseness index(PSI) is being utilized to describe the functioning of internal layers in artificial neural networks from the perspective of neurons, shedding light on the black-box nature of the network's internal operations. There is research indicating a positive correlation between the PSI and performance in each layer of convolutional neural network models for image classification. In this study, we observed the internal operations of a convolutional neural network when adversarial examples were applied. The results of the experiments revealed a similar pattern of positive correlation for adversarial examples, which were modified to maintain 5% accuracy compared to applying benign data. Thus, while there may be differences in each adversarial attack, the observed PSI for adversarial examples demonstrated consistent positive correlations with benign data across layers.

• Journal of Broadcast Engineering
• /
• v.26 no.7
• /
• pp.844-854
• /
• 2021

Semi-supervised learning (SSL) and few-shot learning (FSL) have shown impressive performance even then the volume of labeled data is very limited. However, SSL and FSL can encounter a significant performance degradation if the diversity gap between the labeled and unlabeled data is high. To reduce this diversity gap, we propose a novel scheme that relies on an autoencoder for generating pseudo examples. Specifically, the autoencoder is trained on a specific class using the available labeled data and the decoder of the trained autoencoder is then used to generate N samples of that specific class based on N random noise, sampled from a standard normal distribution. The above process is repeated for all the classes. Consequently, the generated data reduces the diversity gap and enhances the model performance. Extensive experiments on MNIST and FashionMNIST datasets for SSL and FSL verify the effectiveness of the proposed approach in terms of classification accuracy and robustness against adversarial attacks.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2022.11a
• /
• pp.243-245
• /
• 2022

다양한 분야에서 심층 신경망 기반 모델이 사용되면서 뛰어난 성능을 보이고 있다. 그러나 기계학습 모델의 오작동을 유도하는 적대적 공격(adversarial attack)에 의해 심층 신경망 모델의 취약성이 드러났다. 보안 분야에서는 이러한 취약성을 보완하기 위해 의도적으로 모델을 공격함으로써 모델의 강건함을 검증한다. 현재 2D 이미지에 대한 적대적 공격은 활발한 연구가 이루어지고 있지만, 3D 데이터에 대한 적대적 공격 연구는 그렇지 않은 실정이다. 본 논문에서는 뉴럴 렌더링(neural rendering)과 적대적 공격, 그리고 3D 표현에 적대적 공격을 적용한 연구를 조사해 이를 통해 추후 뉴럴 렌더링에서 일어나는 적대적 공격 연구에 도움이 될 것을 기대한다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2023.07a
• /
• pp.619-620
• /
• 2023

본 논문에서는 AI 모델이 노출될 수 있는 적대적 공격을 연구한 논문이다. AI 쳇봇이 적대적 공격에 노출됨에 따라 최근 보안 침해 사례가 다수 발생하고 있다. 이에 대해 본 논문에서는 적대적 공격이 무엇인지 조사하고 적대적 공격에 대응하거나 사전에 방어하는 방안을 연구하고자 한다. 적대적 공격의 종류 4가지와 대응 방안을 조사하고, AI 모델의 보안 중요성을 강조하고 있다. 또한, 이런 적대적 공격을 방어할 수 있도록 대응 방안을 추가로 조사해야 한다고 결론을 내리고 있다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2023.07a
• /
• pp.621-623
• /
• 2023

본 논문에서는 기계 학습 모델의 취약점과 대응책에 초점을 맞추어 적대적인 기계 학습 공격 및 방어 분야를 탐구한다. 신중하게 만들어진 입력 데이터를 도입하여 기계 학습 모델을 속이거나 조작하는 것을 목표로 하는 적대적 공격에 대한 심층 분석을 제공한다. 이 논문은 회피 및 독성 공격을 포함한 다양한 유형의 적대적 공격을 조사하고 기계 학습 시스템의 안정성과 보안에 대한 잠재적 영향을 조사한다. 또한 적대적 공격에 대한 기계 학습 모델의 견고성을 향상시키기 위해 다양한 방어 메커니즘과 전략을 제안하고 평가한다. 본 논문은 광범위한 실험과 분석을 통해 적대적 기계 학습에 대한 이해에 기여하고 효과적인 방어 기술에 대한 통찰력을 제공하는 것을 목표로 한다.

• Convergence Security Journal
• /
• v.21 no.2
• /
• pp.57-66
• /
• 2021

Deep neural networks (DNNs) provide excellent performance for image, speech, and pattern recognition. However, DNNs sometimes misrecognize certain adversarial examples. An adversarial example is a sample that adds optimized noise to the original data, which makes the DNN erroneously misclassified, although there is nothing wrong with the human eye. Therefore studies on defense against adversarial example attacks are required. In this paper, we have experimentally analyzed the success rate of detection for adversarial examples by adjusting various parameters. The performance of the ensemble defense method was analyzed using fast gradient sign method, DeepFool method, Carlini & Wanger method, which are adversarial example attack methods. Moreover, we used MNIST as experimental data and Tensorflow as a machine learning library. As an experimental method, we carried out performance analysis based on three adversarial example attack methods, threshold, number of models, and random noise. As a result, when there were 7 models and a threshold of 1, the detection rate for adversarial example is 98.3%, and the accuracy of 99.2% of the original sample is maintained.

• Convergence Security Journal
• /
• v.24 no.2
• /
• pp.201-207
• /
• 2024

Voice is a critical element of human communication, and the development of speech recognition models is one of the significant achievements in artificial intelligence, which has recently been applied in various aspects of human life. The application of speech recognition models in the military field is also inevitable. However, before artificial intelligence models can be applied in the military, it is necessary to research their vulnerabilities. In this study, we evaluates the military applicability of the multilingual speech recognition model "Whisper" by examining its vulnerabilities to battlefield noise, white noise, and adversarial attacks. In experiments involving battlefield noise, Whisper showed significant performance degradation with an average Character Error Rate (CER) of 72.4%, indicating difficulties in military applications. In experiments with white noise, Whisper was robust to low-intensity noise but showed performance degradation under high-intensity noise. Adversarial attack experiments revealed vulnerabilities at specific epsilon values. Therefore, the Whisper model requires improvements through fine-tuning, adversarial training, and other methods.