Toward Improved Reliability of Deep Learning Based Systems Through Online Relabeling of Potential Adversarial Attacks

Bibliographic Details
Published in IEEE transactions on reliability Vol. 72; no. 4; pp. 1367 - 1382
Main Authors Al-Maliki, Shawqi; Bouanani, Faissal El; Ahmad, Kashif; Abdallah, Mohamed; Hoang, Dinh Thai; Niyato, Dusit; Al-Fuqaha, Ala
Format Journal Article
Language English
Published New York IEEE 01.12.2023
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
ISSN 0018-9529
1558-1721
DOI 10.1109/TR.2023.3298685

Summary: Deep neural networks have shown vulnerability to well-designed inputs called adversarial examples. Researchers in industry and academia have proposed many adversarial example defense techniques. However, they offer partial but not full robustness. Thus, complementing them with another layer of protection is a must, especially for mission-critical applications. This article proposes a novel online selection and relabeling algorithm (OSRA) that opportunistically utilizes a limited number of crowdsourced workers to maximize the machine learning (ML) system's robustness. The OSRA strives to use crowdsourced workers effectively by selecting the most suspicious inputs and moving them to the crowdsourced workers to be validated and corrected. As a result, the impact of adversarial examples gets reduced, and accordingly, the ML system becomes more robust. We also proposed a heuristic threshold selection method that contributes to enhancing the prediction system's reliability. We empirically validated our proposed algorithm and found that it can efficiently and optimally utilize the allocated budget for crowdsourcing. It is also effectively integrated with a state-of-the-art black box defense technique, resulting in a more robust system. Simulation results show that the OSRA can outperform a random selection algorithm by 60% and achieve comparable performance to an optimal offline selection benchmark. They also show that OSRA's performance has a positive correlation with system robustness.