TechRxiv
Opportunistic_Use_of_Crowdsourced_Workers_for_Online_Relabeling_of_Potential_Adversarial_Examples (TechRxiv).pdf (545.29 kB)
Download file

Opportunistic Use of Crowdsourced Workers for Online Relabeling of Potential Adversarial Examples

Download (545.29 kB)
preprint
posted on 07.12.2021, 23:18 authored by Shawqi Al-MalikiShawqi Al-Maliki, Faissal El BouananiFaissal El Bouanani, Kashif Ahmad, Mohamed Abdallah, Dinh Hoang, Dusit Niyato, Ala Al-Fuqaha
Deep Neural Networks (DDNs) have achieved tremendous success in handling various Machine Learning (ML) tasks, such as speech recognition, Natural Language Processing, and image classification. However, they have shown vulnerability to well-designed inputs called adversarial examples. Researchers in industry and academia have proposed many adversarial example defense techniques. However, none can provide complete robustness. The cutting-edge defense techniques offer partial reliability. Thus, complementing them with another layer of protection is a must, especially for mission-critical applications. This paper proposes a novel Online Selection and Relabeling Algorithm (OSRA) that opportunistically utilizes a limited number of crowdsourced workers (budget-constraint crowdsourcing) to maximize the ML system’s robustness. OSRA strives to use crowdsourced workers effectively by selecting the most suspicious inputs (the potential adversarial examples) and moving them to the crowdsourced workers to be validated and corrected (relabeled). As a result, the impact of adversarial examples gets reduced, and accordingly, the ML system becomes more robust. We also proposed a heuristic threshold selection method that contributes to enhancing the prediction system’s reliability. We empirically validated our proposed algorithm and found that it can efficiently and optimally utilize the allocated budget for crowdsourcing. It is also effectively integrated with a state-ofthe- art black-box (transfer-based) defense technique, resulting in a more robust system. Simulation results show that OSRA can outperform a random selection algorithm by 60% and achieve comparable performance to an optimal offline selection benchmark. They also show that OSRA’s performance has a positive correlation with system robustness.

Funding

This publication was made possible by NPRP grant # [13S- 0206-200273] from the Qatar National Research Fund (a member of Qatar Foundation). The statements made herein are solely the responsibility of the authors.

History

Email Address of Submitting Author

salmaliki@hbku.edu.qa

ORCID of Submitting Author

0000-0002-6738-2352

Submitting Author's Institution

Hamad Bin Khalifa University

Submitting Author's Country

Qatar