Topic- Effect of Cascading Attacks on an Ensemble Defense
Deep learning (DL) models are being widely adopted for security-sensitive applications such as autonomous driving and facial recognition. Exploring the vulnerability of such models has become an emergent topic. Prior work has proposed a strategy involving an ensemble of substitute models for black-box attacks, as well as a technique of augmenting the training data using perturbations generated by an ensemble of substitute models, and the effectiveness of this technique has been shown empirically. However, we have observed that in all the related papers, researchers have used only a single attack method at a time. In this paper we introduce a new strategy that uses a cascade of attack methods to generate adversarial data. We demonstrate that our proposed technique leads to a stronger attack and defense.
Team-ESS
Eiram Mahera Sheikh - 7008718
Shayari Bhattacharjee - 7009998
Shravan Swaminathan - 7002213