U.S. Department of Energy
Office of Scientific and Technical Information

ASK: Adversarial Soft k-Nearest Neighbor Attack and Defense

Journal Article · IEEE Access
K-Nearest Neighbor (kNN)-based deep learning methods have been applied to many applications due to their simplicity and geometric interpretability. However, the robustness of kNN-based deep classification models has not been thoroughly explored and kNN attack strategies are underdeveloped. In this paper, we first propose an Adversarial Soft kNN (ASK) loss for developing more effective kNN-based deep neural network attack strategies and designing better defense methods against them. Our ASK loss provides a differentiable surrogate of the expected kNN classification error. It is also interpretable as it preserves the mutual information between the perturbed input and the in-class-reference data. We use the ASK loss to design a novel attack method called the ASK-Attack (ASK-Atk), which shows superior attack efficiency and accuracy degradation relative to previous kNN attacks on hidden layers. We then derive an ASK-Defense (ASK-Def) method that optimizes the worst-case ASK training loss. Experiments on CIFAR-10 (ImageNet) show that (i) ASK-Atk achieves ≥ 13% (≥ 13%) improvement in attack success rate over previous kNN attacks, and (ii) ASK-Def outperforms the conventional adversarial training method by ≥ 6.9% (≥ 3.5%) in terms of robustness improvement. Relevant codes are available at https://github.com/wangren09/ASK.
Research Organization:
Georgia Institute of Technology, Atlanta, GA (United States)
Sponsoring Organization:
Defense Advanced Research Projects Agency (DARPA); US Army Research Office (ARO); USDOE National Nuclear Security Administration (NNSA)
Grant/Contract Number:
NA0003921
OSTI ID:
1922471
Journal Information:
IEEE Access, Journal Name: IEEE Access Vol. 10; ISSN 2169-3536
Publisher:
IEEE
Country of Publication:
United States
Language:
English
