Automating Defense Against Adversarial Attacks: Discovery of Vulnerabilities and Application of Multi-INT Imagery to Protect Deployed Models
Josh Kalin, David Noever, Matthew Ciolino, Dominick Hambrick, Gerry Dozier

TL;DR
This paper presents an automated defense method against adversarial attacks on image classification models using multi-spectral imagery and ensemble learning, revealing vulnerabilities and enhancing model robustness in overhead applications.
Contribution
It introduces a novel hybrid approach combining offensive and defensive techniques, utilizing multi-spectral data to detect and mitigate adversarial vulnerabilities in deployed models.
Findings
Identified vulnerabilities in MobileNetV2 to adversarial attacks.
Demonstrated effectiveness of multi-spectral data in defending models.
Automated key outcomes for model protection against adversaries.
Abstract
Image classification is a common step in image recognition for machine learning in overhead applications. When applying popular model architectures like MobileNetV2, known vulnerabilities expose the model to counter-attacks, either mislabeling a known class or altering box location. This work proposes an automated approach to defend these models. We evaluate the use of multi-spectral image arrays and ensemble learners to combat adversarial attacks. The original contribution demonstrates the attack, proposes a remedy, and automates some key outcomes for protecting the model's predictions against adversaries. In rough analogy to defending cyber-networks, we combine techniques from both offensive ("red team") and defensive ("blue team") approaches, thus generating a hybrid protective outcome ("green team"). For machine learning, we demonstrate these methods with 3-color channels plus…
Taxonomy
Methods: Pointwise Convolution · Batch Normalization · Average Pooling · Depthwise Convolution · Depthwise Separable Convolution · Inverted Residual Block · 1x1 Convolution · Convolution
