dc.contributor.author | Vadillo Jueguen, Jon | |
dc.contributor.author | Santana Hermida, Roberto | |
dc.contributor.author | Lozano Alonso, José Antonio | |
dc.date.accessioned | 2023-06-22T17:38:55Z | |
dc.date.available | 2023-06-22T17:38:55Z | |
dc.date.issued | 2022-01 | |
dc.identifier.citation | Knowledge-Based Systems 236 : (2022) // Article ID 107719 | es_ES |
dc.identifier.issn | 1872-7409 | |
dc.identifier.issn | 0950-7051 | |
dc.identifier.uri | http://hdl.handle.net/10810/61570 | |
dc.description.abstract | The reasons why Deep Neural Networks are susceptible to being fooled by adversarial examples remains an open discussion. Indeed, many different strategies can be employed to efficiently generate adversarial attacks, some of them relying on different theoretical justifications. Among these strategies, universal (input-agnostic) perturbations are of particular interest, due to their capability to fool a network independently of the input in which the perturbation is applied. In this work, we investigate an intriguing phenomenon of universal perturbations, which has been reported previously in the literature, yet without a proven justification: universal perturbations change the predicted classes for most inputs into one particular (dominant) class, even if this behavior is not specified during the creation of the perturbation. In order to justify the cause of this phenomenon, we propose a number of hypotheses and experimentally test them using a speech command classification problem in the audio domain as a testbed. Our analyses reveal interesting properties of universal perturbations, suggest new methods to generate such attacks and provide an explanation of dominant classes, under both a geometric and a data-feature perspective. | es_ES |
dc.description.sponsorship | This work is supported by the Basque Government, Spain (BERC 2018–2021 program, project KK-2020/00049 through the ELKARTEK program, IT1244-19, and PRE_2019_1_0128 predoctoral grant), by the Spanish Ministry of Economy and Competitiveness MINECO, Spain (projects TIN2016-78365-R and PID2019-104966GB-I00) and by the Spanish Ministry of Science, Innovation and Universities, Spain (FPU19/03231 predoctoral grant). Jose A. Lozano acknowledges support by the Spanish Ministry of Science, Innovation and Universities, Spain through BCAM Severo Ochoa accreditation (SEV-2017-0718). | es_ES |
dc.language.iso | eng | es_ES |
dc.publisher | Elsevier | es_ES |
dc.relation | info:eu-repo/grantAgreement/MINECO/TIN2016-78365-R | es_ES |
dc.relation | info:eu-repo/grantAgreement/MICINN/PID2019-104966GB-I00 | es_ES |
dc.relation | info:eu-repo/grantAgreement/MICIU/SEV-2017-0718 | es_ES |
dc.rights | info:eu-repo/semantics/openAccess | es_ES |
dc.rights.uri | http://creativecommons.org/licenses/by/3.0/es/ | * |
dc.subject | adversarial examples | es_ES |
dc.subject | universal adversarial perturbations | es_ES |
dc.subject | deep neural networks | es_ES |
dc.subject | robust speech classification | es_ES |
dc.title | Analysis of dominant classes in universal adversarial perturbations | es_ES |
dc.type | info:eu-repo/semantics/article | es_ES |
dc.rights.holder | © 2021 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/) | es_ES |
dc.rights.holder | Atribución 3.0 España | * |
dc.relation.publisherversion | https://www.sciencedirect.com/science/article/pii/S0950705121009643 | es_ES |
dc.identifier.doi | 10.1016/j.knosys.2021.107719 | |
dc.departamentoes | Ciencia de la computación e inteligencia artificial | es_ES |
dc.departamentoeu | Konputazio zientziak eta adimen artifiziala | es_ES |