research-article

Lateralized learning for robustness against adversarial attacks in a visual classification system

Authors:

Abubakar Siddique,

Will N. Browne,

Gina M. GrimshawAuthors Info & Claims

GECCO '20: Proceedings of the 2020 Genetic and Evolutionary Computation Conference

Pages 395 - 403

https://doi.org/10.1145/3377930.3390164

Published: 26 June 2020 Publication History

Abstract

Deep learning is an important field of machine learning. It is playing a critical role in a variety of applications ranging from self-driving cars to security and surveillance. However, deep networks have deep flaws. For example, they are highly vulnerable to adversarial attacks. One reason may be the homogeneous nature of their knowledge representation, which allows a single disruptive pattern to cause miss-classification. Biological intelligence has lateral asymmetry, which allows heterogeneous, modular learning at different levels of abstraction, enabling different representations of the same object.

This work aims to incorporate lateralization and modular learning at different levels of abstraction in an evolutionary machine learning system. The results of image classification tasks show that the lateralized system efficiently learns hierarchical distributions of knowledge, demonstrating performance that is similar to (or better than) other state-of-the-art deep systems as it reasons using multiple representations. Crucially, the novel system outperformed all the state-of-the-art deep models for the classification of normal and adversarial images by 0.43% -- 2.56% and 2.15% -- 25.84%, respectively. Lateralisation enabled the system to exhibit robustness beyond previous work, which advocates for the creation of data sets that enable components of objects and the objects themselves to be learned specifically or in an end-to-end manner.

References

[1]

Naveed Akhtar, Jian Liu, and Ajmal Mian. 2018. Defense against universal adversarial perturbations. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. 3389--3398.

[2]

Naveed Akhtar and Ajmal Mian. 2018. Threat of adversarial attacks on deep learning in computer vision: A survey. IEEE Access 6 (2018), 14410--14430.

[3]

Andrew S Alexander and Douglas A Nitz. 2015. Retrosplenial cortex maps the conjunction of internal and external spaces. Nature Neuroscience 18, 8 (2015), 1143--1151.

[4]

Marie T Banich and Rebecca Compton. 2010. Cognitive Neuroscience. Nelson Education.

[5]

Yoshua Bengio, Aaron Courville, and Pascal Vincent. 2013. Representation learning: A review and new perspectives. IEEE transactions on pattern analysis and machine intelligence 35, 8 (2013), 1798--1828.

Digital Library

[6]

Ester Bernadó-Mansilla and Josep M Garrell-Guiu. 2003. Accuracy-based learning classifier systems: models, analysis and applications to classification tasks. Evolutionary computation 11, 3 (2003), 209--238.

[7]

Arjun Nitin Bhagoji, Daniel Cullina, Chawin Sitawarin, and Prateek Mittal. 2018. Enhancing robustness of machine learning systems via data transformations. In 2018 52nd Annual Conference on Information Sciences and Systems (CISS). IEEE, 1--5.

[8]

Mariusz Bojarski, Davide Del Testa, Daniel Dworakowski, Bernhard Firner, Beat Flepp, Prasoon Goyal, Lawrence D Jackel, Mathew Monfort, Urs Muller, Jiakai Zhang, et al. 2016. End to end learning for self-driving cars. arXiv preprint arXiv:1604.07316 (2016).

[9]

Yu-Chen Chan, Tai-Li Chou, Hsueh-Chih Chen, Yu-Chu Yeh, Joseph P Lavallee, Keng-Chen Liang, and Kuo-En Chang. 2013. Towards a neural circuit model of verbal humor processing: An fMRI study of the neural substrates of incongruity detection and resolution. Neuroimage 66 (2013), 169--176.

[10]

Sarath Chandra. 2020. Implementation of Papers on Adversarial Examples. https://github.com/sarathknv/adversarial-examples-pytorch/tree/master. [Online; accessed Feb 02, 2020].

[11]

Junkai Chen, Zenghai Chen, Zheru Chi, and Hong Fu. 2014. Facial expression recognition based on facial components detection and hog features. In International workshops on electrical and computer engineering subfields. 884--888.

[12]

Navneet Dalal and Bill Triggs. 2005. Histograms of oriented gradients for human detection. In 2005 IEEE computer society conference on computer vision and pattern recognition (CVPR'05), Vol. 1. IEEE, 886--893.

[13]

Li Deng, Dong Yu, et al. 2014. Deep learning: methods and applications. Foundations and Trends® in Signal Processing 7, 3--4 (2014), 197--387.

[14]

M Dharmaretnam and LJ Rogers. 2005. Hemispheric specialization and dual processing in strongly versus weakly lateralized chicks. Behavioural Brain Research 162, 1 (2005), 62--70.

[15]

Gintare Karolina Dziugaite, Zoubin Ghahramani, and Daniel M Roy. 2016. A study of the effect of jpg compression on adversarial images. arXiv preprint arXiv:1608.00853 (2016).

[16]

Miriam Faust and Yoed N Kenett. 2014. Rigidity, chaos and integration: hemispheric interaction and individual differences in metaphor comprehension. Frontiers in Human Neuroscience 8 (2014).

[17]

Anastasia V Flevaris and Lynn C Robertson. 2016. Spatial frequency selection and integration of global and local information in visual processing: A selective review and tribute to Shlomo Bentin. Neuropsychologia 83 (2016), 192--200.

[18]

Stefan Frässle, Frieder Michel Paulus, Sören Krach, Stefan Robert Schweinberger, Klaas Enno Stephan, and Andreas Jansen. 2016. Mechanisms of hemispheric lateralization: Asymmetric interhemispheric recruitment in the face perception network. Neuroimage 124 (2016), 977--988.

[19]

William H Gaddes. 2013. Learning disabilities and brain function: A neuropsychological approach. Springer Science & Business Media.

[20]

Ian J Goodfellow, Jonathon Shlens, and Christian Szegedy. 2014. Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572 (2014).

[21]

Gina M Grimshaw, Julie Anne Séguin, and Hazel K Godfrey. 2009. Once more with feeling: The effects of emotional prosody on hemispheric specialisation for linguistic processing. Journal of Neurolinguistics 22, 4 (2009), 313--326.

[22]

Shixiang Gu and Luca Rigazio. 2014. Towards deep neural network architectures robust to adversarial examples. arXiv preprint arXiv:1412.5068 (2014).

[23]

Kaiming He, Xiangyu Zhang, Shaoqing Ren, and Jian Sun. 2016. Deep residual learning for image recognition. In Proceedings of the IEEE conference on computer vision and pattern recognition. 770--778.

[24]

Gregory Hickok and David Poeppel. 2016. Neural basis of speech perception. In Neurobiology of Language. Elsevier, 299--310.

[25]

JH Holland and JS Reitman. 1998. Cognitive systems based on adaptive algorithms Reprinted in: Evolutionary computation. The fossil record. IEEE Press, New York (1998).

[26]

Forrest N Iandola, Song Han, Matthew W Moskewicz, Khalid Ashraf, William J Dally, and Kurt Keutzer. 2016. SqueezeNet: AlexNet-level accuracy with 50x fewer parameters and < 0.5 MB model size. arXiv preprint arXiv:1602.07360 (2016).

[27]

kaggleCats. 2020. kaggleCats. https://www.kaggle.com/crawford/cat-dataset. [Online; accessed Feb 02, 2020].

[28]

Yan Ke, Rahul Sukthankar, Larry Huston, Yan Ke, and Rahul Sukthankar. 2004. Efficient near-duplicate detection and sub-image retrieval. In Acm Multimedia, Vol. 4. Citeseer, 5.

[29]

Alex Krizhevsky, Ilya Sutskever, and Geoffrey E Hinton. 2012. Imagenet classification with deep convolutional neural networks. In Advances in neural information processing systems. 1097--1105.

[30]

Alexey Kurakin, Ian Goodfellow, and Samy Bengio. 2016. Adversarial examples in the physical world. arXiv preprint arXiv:1607.02533 (2016).

[31]

Jiongxin Liu, Angjoo Kanazawa, David Jacobs, and Peter Belhumeur. 2012. Dog breed classification using part localization. In European conference on computer vision. Springer, 172--185.

Digital Library

[32]

David G Lowe. 1999. Object recognition from local scale-invariant features. In Proceedings of the seventh IEEE international conference on computer vision, Vol. 2. Ieee, 1150--1157.

[33]

David G Lowe. 2004. Distinctive image features from scale-invariant keypoints. International journal of computer vision 60, 2 (2004), 91--110.

Digital Library

[34]

Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, and Adrian Vladu. 2017. Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv:1706.06083 (2017).

[35]

Seyed-Mohsen Moosavi-Dezfooli, Alhussein Fawzi, Omar Fawzi, and Pascal Frossard. 2017. Universal adversarial perturbations. In Proceedings of the IEEE conference on computer vision and pattern recognition. 1765--1773.

[36]

Seyed-Mohsen Moosavi-Dezfooli, Alhussein Fawzi, and Pascal Frossard. 2016. Deepfool: a simple and accurate method to fool deep neural networks. In Proceedings of the IEEE conference on computer vision and pattern recognition. 2574--2582.

[37]

Maryam M Najafabadi, Flavio Villanustre, Taghi M Khoshgoftaar, Naeem Seliya, Randall Wald, and Edin Muharemagic. 2015. Deep learning applications and challenges in big data analytics. Journal of Big Data 2, 1 (2015), 1.

[38]

Douglas A Nitz. 2012. Spaces within spaces: Rat parietal cortex neurons register position across three reference frames. Nature Neuroscience 15, 10 (2012), 1365--1367.

[39]

open source. 2020. C++ Library for machine learning. http://dlib.net/files/data/. [Online; accessed Feb 02, 2020].

[40]

Nicolas Papernot, Patrick McDaniel, Xi Wu, Somesh Jha, and Ananthram Swami. 2016. Distillation as a defense to adversarial perturbations against deep neural networks. In 2016 IEEE Symposium on Security and Privacy (SP). IEEE, 582--597.

[41]

Lynn C Robertson and Dean C Delis. 1986. Part-whole processing in unilateral brain-damaged patients: Dysfunction of hierarchical organization. Neuropsychologia 24, 3 (1986), 363--370.

[42]

Lynn C Robertson and Richard Ivry. 2000. Hemispheric asymmetries: Attention to visual and auditory primitives. Current Directions in Psychological Science 9, 2 (2000), 59--63.

[43]

Lynn C Robertson and Marvin R Lamb. 1991. Neuropsychological contributions to theories of part/whole organization. Cognitive Psychology 23, 2 (1991), 299--330.

[44]

Lesley J Rogers, Paolo Zucca, and Giorgio Vallortigara. 2004. Advantages of having a lateralized brain. Proceedings of the Royal Society of London B: Biological Sciences 271, Suppl 6 (2004), S420--S422.

[45]

Andrew Slavin Ross and Finale Doshi-Velez. 2018. Improving the adversarial robustness and interpretability of deep neural networks by regularizing their input gradients. In Thirty-second AAAI conference on artificial intelligence.

[46]

Swami Sankaranarayanan, Arpit Jain, Rama Chellappa, and Ser Nam Lim. 2018. Regularizing deep networks using efficient layerwise adversarial training. In Thirty-Second AAAI Conference on Artificial Intelligence.

[47]

Jürgen Schmidhuber. 2015. Deep learning in neural networks: An overview. Neural networks 61 (2015), 85--117.

[48]

Abubakar Siddique, Muhammad Iqbal, and Will N Browne. 2016. A comprehensive strategy for mammogram image classification using learning classifier systems. In Evolutionary Computation (CEC), 2016 IEEE Congress on. IEEE, 2201--2208.

Digital Library

[49]

Karen Simonyan and Andrew Zisserman. 2014. Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556 (2014).

[50]

David E Stark, Daniel S Margulies, Zarrar E Shehzad, Philip Reiss, AM Clare Kelly, Lucina Q Uddin, Dylan G Gee, Amy K Roy, Marie T Banich, F Xavier Castellanos, et al. 2008. Regional variation in interhemispheric coordination of intrinsic hemodynamic fluctuations. Journal of Neuroscience 28, 51 (2008), 13754--13764.

[51]

Jiawei Su, Danilo Vasconcellos Vargas, and Kouichi Sakurai. 2019. One pixel attack for fooling deep neural networks. IEEE Transactions on Evolutionary Computation 23, 5 (2019), 828--841.

[52]

Ryan J Urbanowicz and Jason H Moore. 2009. Learning classifier systems: a complete introduction, review, and roadmap. Journal of Artificial Evolution and Applications 2009 (2009), 1.

[53]

Serena K Yelle and Gina M Grimshaw. 2009. Hemispheric specialization for linguistic processing of sung speech. Perceptual and Motor Skills 108, 1 (2009), 219--228.

Cited By

Siddique AHeider MIqbal MShiraishi HLi XHandl J(2024)A Survey on Learning Classifier Systems from 2022 to 2024Proceedings of the Genetic and Evolutionary Computation Conference Companion10.1145/3638530.3664165(1797-1806)Online publication date: 14-Jul-2024
https://dl.acm.org/doi/10.1145/3638530.3664165
Siddique AIqbal MBrowne W(2024)Enhancing Visual Focus: Incorporating Attention into Rule-Based Machine Learning2024 39th International Conference on Image and Vision Computing New Zealand (IVCNZ)10.1109/IVCNZ64857.2024.10794461(1-6)Online publication date: 4-Dec-2024
https://doi.org/10.1109/IVCNZ64857.2024.10794461
Dhamija LBansal U(2024)How to Defend and Secure Deep Learning Models Against Adversarial Attacks in Computer Vision: A Systematic ReviewNew Generation Computing10.1007/s00354-024-00283-042:5(1165-1235)Online publication date: 12-Oct-2024
https://doi.org/10.1007/s00354-024-00283-0
Show More Cited By

Index Terms

Lateralized learning for robustness against adversarial attacks in a visual classification system
1. Computing methodologies
  1. Machine learning
    1. Machine learning approaches

Recommendations

Learning classifier systems: appreciating the lateralized approach
GECCO '20: Proceedings of the 2020 Genetic and Evolutionary Computation Conference Companion

Biological nervous systems can learn knowledge from simple and small-scale problems and then apply it to resolve more complex and large-scale problems in similar and related domains. However, the rudimentary attempts to apply this transfer learning in ...
Adversarial Attacks and Defenses: An Interpretation Perspective

Despite the recent advances in a wide spectrum of applications, machine learning models, especially deep neural networks, have been shown to be vulnerable to adversarial attacks. Attackers add carefully-crafted perturbations to input, where the ...
Lateralized Approach for Robustness Against Attacks in Emotion Categorization from Images
Applications of Evolutionary Computation
Abstract
Deep learning has achieved a high classification accuracy on image classification tasks, including emotion categorization. However, deep learning models are highly vulnerable to adversarial attacks. Even a small change, imperceptible to a human (...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

GECCO '20: Proceedings of the 2020 Genetic and Evolutionary Computation Conference

June 2020

1349 pages

ISBN:9781450371285

DOI:10.1145/3377930

General Chair:
Carlos Artemio Coello Coello
CINVESTAV-IPN

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGEVO: ACM Special Interest Group on Genetic and Evolutionary Computation

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 26 June 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

SFTI

Conference

GECCO '20

Sponsor:

SIGEVO

GECCO '20: Genetic and Evolutionary Computation Conference

July 8 - 12, 2020

Cancún, Mexico

Acceptance Rates

Overall Acceptance Rate 1,669 of 4,410 submissions, 38%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

12
Total Citations
View Citations
145
Total Downloads

Downloads (Last 12 months)9
Downloads (Last 6 weeks)1

Reflects downloads up to 01 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Siddique AHeider MIqbal MShiraishi HLi XHandl J(2024)A Survey on Learning Classifier Systems from 2022 to 2024Proceedings of the Genetic and Evolutionary Computation Conference Companion10.1145/3638530.3664165(1797-1806)Online publication date: 14-Jul-2024
https://dl.acm.org/doi/10.1145/3638530.3664165
Siddique AIqbal MBrowne W(2024)Enhancing Visual Focus: Incorporating Attention into Rule-Based Machine Learning2024 39th International Conference on Image and Vision Computing New Zealand (IVCNZ)10.1109/IVCNZ64857.2024.10794461(1-6)Online publication date: 4-Dec-2024
https://doi.org/10.1109/IVCNZ64857.2024.10794461
Dhamija LBansal U(2024)How to Defend and Secure Deep Learning Models Against Adversarial Attacks in Computer Vision: A Systematic ReviewNew Generation Computing10.1007/s00354-024-00283-042:5(1165-1235)Online publication date: 12-Oct-2024
https://doi.org/10.1007/s00354-024-00283-0
Siddique AIqbal MDin SBrowne WSilva SPaquete L(2023)Attention in Rule-Based Machine Learning: Exploiting Learning Classifier Systems' Generalization for Image ClassificationProceedings of the Companion Conference on Genetic and Evolutionary Computation10.1145/3583133.3590611(323-326)Online publication date: 15-Jul-2023
https://dl.acm.org/doi/10.1145/3583133.3590611
Nguyen TBrowne WZhang M(2023)ConCS: A Continual Classifier System for Continual Learning of Multiple Boolean ProblemsIEEE Transactions on Evolutionary Computation10.1109/TEVC.2022.321087227:4(1057-1071)Online publication date: Aug-2023
https://doi.org/10.1109/TEVC.2022.3210872
Siddique ABrowne WGrimshaw G(2023)Lateralized Learning to Solve Complex Boolean ProblemsIEEE Transactions on Cybernetics10.1109/TCYB.2022.316611953:11(6761-6775)Online publication date: Nov-2023
https://doi.org/10.1109/TCYB.2022.3166119
Siddique ABrowne WGrimshaw G(2022)Frames-of-Reference-Based Learning: Overcoming Perceptual Aliasing in Multistep Decision-Making TasksIEEE Transactions on Evolutionary Computation10.1109/TEVC.2021.310224126:1(174-187)Online publication date: Feb-2022
https://doi.org/10.1109/TEVC.2021.3102241
Shehu HBrowne WEisenbarth H(2022)An anti-attack method for emotion categorization from images▪Applied Soft Computing10.1016/j.asoc.2022.109456128:COnline publication date: 1-Oct-2022
https://dl.acm.org/doi/10.1016/j.asoc.2022.109456
Lal SRehman SShah JMeraj TRauf HDamaševičius RMohammed MAbdulkareem K(2021)Adversarial Attack and Defence through Adversarial Training and Feature Fusion for Diabetic Retinopathy RecognitionSensors10.3390/s2111392221:11(3922)Online publication date: 7-Jun-2021
https://doi.org/10.3390/s21113922
Pätzel DHeider MWagner AKrawiec K(2021)An overview of LCS research from 2020 to 2021Proceedings of the Genetic and Evolutionary Computation Conference Companion10.1145/3449726.3463173(1648-1656)Online publication date: 7-Jul-2021
https://dl.acm.org/doi/10.1145/3449726.3463173
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents