Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Non-Uniform Illumination Attack for Fooling Convolutional Neural Networks

Akshay Jain, Shiv Ram Dubey, Satish Kumar Singh, KC Santosh, Bidyut Baran Chaudhuri

TL;DR

The paper addresses CNN robustness under non-uniform illumination perturbations by introducing a data-independent NUI attack built from 12 masks and a perturbation weight $k$. It evaluates the attack across CIFAR10, TinyImageNet, and CalTech256 on VGG, ResNet, MobileNetV3-small, and InceptionV3, revealing substantial accuracy declines under several masks. It then proposes NUI-based data augmentation during training as a defense and shows significant robustness gains on perturbed test sets. The findings highlight a practical vulnerability of CNNs to illumination-related perturbations and provide a scalable defense to improve resilience in real-world vision systems.

Abstract

Convolutional Neural Networks (CNNs) have made remarkable strides; however, they remain susceptible to vulnerabilities, particularly in the face of minor image perturbations that humans can easily recognize. This weakness, often termed as 'attacks', underscores the limited robustness of CNNs and the need for research into fortifying their resistance against such manipulations. This study introduces a novel Non-Uniform Illumination (NUI) attack technique, where images are subtly altered using varying NUI masks. Extensive experiments are conducted on widely-accepted datasets including CIFAR10, TinyImageNet, and CalTech256, focusing on image classification with 12 different NUI attack models. The resilience of VGG, ResNet, MobilenetV3-small and InceptionV3 models against NUI attacks are evaluated. Our results show a substantial decline in the CNN models' classification accuracy when subjected to NUI attacks, indicating their vulnerability under non-uniform illumination. To mitigate this, a defense strategy is proposed, including NUI-attacked images, generated through the new NUI transformation, into the training set. The results demonstrate a significant enhancement in CNN model performance when confronted with perturbed images affected by NUI attacks. This strategy seeks to bolster CNN models' resilience against NUI attacks.

Non-Uniform Illumination Attack for Fooling Convolutional Neural Networks

TL;DR

The paper addresses CNN robustness under non-uniform illumination perturbations by introducing a data-independent NUI attack built from 12 masks and a perturbation weight . It evaluates the attack across CIFAR10, TinyImageNet, and CalTech256 on VGG, ResNet, MobileNetV3-small, and InceptionV3, revealing substantial accuracy declines under several masks. It then proposes NUI-based data augmentation during training as a defense and shows significant robustness gains on perturbed test sets. The findings highlight a practical vulnerability of CNNs to illumination-related perturbations and provide a scalable defense to improve resilience in real-world vision systems.

Abstract

Convolutional Neural Networks (CNNs) have made remarkable strides; however, they remain susceptible to vulnerabilities, particularly in the face of minor image perturbations that humans can easily recognize. This weakness, often termed as 'attacks', underscores the limited robustness of CNNs and the need for research into fortifying their resistance against such manipulations. This study introduces a novel Non-Uniform Illumination (NUI) attack technique, where images are subtly altered using varying NUI masks. Extensive experiments are conducted on widely-accepted datasets including CIFAR10, TinyImageNet, and CalTech256, focusing on image classification with 12 different NUI attack models. The resilience of VGG, ResNet, MobilenetV3-small and InceptionV3 models against NUI attacks are evaluated. Our results show a substantial decline in the CNN models' classification accuracy when subjected to NUI attacks, indicating their vulnerability under non-uniform illumination. To mitigate this, a defense strategy is proposed, including NUI-attacked images, generated through the new NUI transformation, into the training set. The results demonstrate a significant enhancement in CNN model performance when confronted with perturbed images affected by NUI attacks. This strategy seeks to bolster CNN models' resilience against NUI attacks.
Paper Structure (21 sections, 19 figures, 3 tables, 1 algorithm)

This paper contains 21 sections, 19 figures, 3 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Related work
  3. Adversarial Attacks Using Brightness
  4. defense Against Brightness Attacks
  5. Proposed Non-Uniform Illumination Attack
  6. Proposed NUI Attacks
  7. Effect of NUI Attacks
  8. Proposed Workflow using NUI Attacks
  9. Experimental Settings
  10. Datasets
  11. CNN Architectures Used
  12. Training Settings
  13. Experimental Results and Analysis
  14. Qualitative Results
  15. Quantitative Results
  16. ...and 6 more sections

Figures (19)

  • Figure 1: An overview of the NUI attack to fool the CNN models (image classification): test images are transformed through NUI attacks and their corresponding performance.
  • Figure 2: $1^{st}$ column in the figure contains original images. The $2^{nd}$ to $13^{th}$ columns contain the images perturbed using mask $1^{st}$ to $12^{th}$ , respectively. The images are taken from CIFAR10, TinyImageNet, and CalTech256 datasets.
  • Figure 3: The workflow of the proposed method and the experimental settings used for the training and testing of the CNN models using NUI attack.
  • Figure 4: Predictions of ResNet18 for an original test image and NUI attacked images using different masks with varying weight ($k$). 'Prob' refers to probability and M$i$ refers to $i^{th}$ mask.
  • Figure 5: Results of VGG16 model on CIFAR10 dataset under different NUI attacks (test set). Blue and orange curves show the performance of the model trained on the original training set and the NUI perturbed training set, respectively.
  • ...and 14 more figures