Towards Efficiently Evaluating the Robustness of Deep Neural Networks in IoT Systems: A GAN-based Method

TL;DR

This paper introduces AI-GAN, a novel GAN-based framework that efficiently generates adversarial examples to evaluate the robustness of deep neural networks in IoT systems, achieving high success rates on complex datasets.

Contribution

The paper presents a new GAN-based method for efficient adversarial example generation, scalable to complex datasets, improving evaluation speed and success rates over existing approaches.

Findings

AI-GAN achieves high attack success rates on multiple datasets.

It significantly reduces adversarial example generation time.

It scales effectively to complex datasets like CIFAR-100 and ImageNet.

Abstract

Intelligent Internet of Things (IoT) systems based on deep neural networks (DNNs) have been widely deployed in the real world. However, DNNs are found to be vulnerable to adversarial examples, which raises people's concerns about intelligent IoT systems' reliability and security. Testing and evaluating the robustness of IoT systems becomes necessary and essential. Recently various attacks and strategies have been proposed, but the efficiency problem remains unsolved properly. Existing methods are either computationally extensive or time-consuming, which is not applicable in practice. In this paper, we propose a novel framework called Attack-Inspired GAN (AI-GAN) to generate adversarial examples conditionally. Once trained, it can generate adversarial perturbations efficiently given input images and target classes. We apply AI-GAN on different datasets in white-box settings, black-box settings and targeted models protected by state-of-the-art defenses. Through extensive experiments, AI-GAN achieves high attack success rates, outperforming existing methods, and reduces generation time significantly. Moreover, for the first time, AI-GAN successfully scales to complex datasets e.g. CIFAR-100 and ImageNet, with about $90\%$ success rates among all classes.