Exploring Secure Machine Learning Through Payload Injection and FGSM Attacks on ResNet-50

Umesh Yadav, Suman Niroula, Gaurav Kumar Gupta, Bicky Yadav

TL;DR

This work investigates the resilience of a pre-trained ResNet-50 image classifier under FGSM adversarial perturbations and malicious payload injection. Using a 15-image evaluation, the authors measure accuracy, prediction confidence, and payload-extraction success, finding that FGSM leaves overall accuracy unchanged at 53.33% while increasing confidence in incorrect predictions, and that payload injection achieves a 93.33% success rate with similar confidence inflation. The results reveal a vulnerability where high-confidence misclassifications can be promoted without degrading accuracy, and where payloads can be embedded and later extracted with high success. These findings highlight the need for robust defenses and threat models in security-critical image classification tasks and motivate future work exploring stronger attacks, defenses, and diverse architectures.

Abstract

This paper investigates the resilience of a ResNet-50 image classification model under two prominent security threats: Fast Gradient Sign Method (FGSM) adversarial attacks and malicious payload injection. Initially, the model attains a 53.33% accuracy on clean images. When subjected to FGSM perturbations, its overall accuracy remains unchanged; however, the model's confidence in incorrect predictions notably increases. Concurrently, a payload injection scheme is successfully executed in 93.33% of the tested samples, revealing how stealthy attacks can manipulate model predictions without degrading visual quality. These findings underscore the vulnerability of even high-performing neural networks and highlight the urgency of developing more robust defense mechanisms for security-critical applications.
