Incremental Development of a Framework for Mitigating Adversarial Attacks on CNN Models

Authors

  • Maaz Nisar, Department of Computer Science and Information Technology, Khwaja Fareed University of Engineering and Information Technology, Pakistan
  • Nabeel Fayyaz, Department of Computer Science and Information Technology, Khwaja Fareed University of Engineering and Information Technology, Pakistan
  • Muhammad Abdullah Ahmed, Department of Software Engineering, University of Engineering and Technology, Pakistan
  • Muhammad Usman Shams, Institute of Computer & Software Engineering, Khwaja Fareed University of Engineering and Information Technology, Pakistan
  • Bushra Fareed, Institute of Computer & Software Engineering, Khwaja Fareed University of Engineering and Information Technology, Pakistan

DOI:

https://doi.org/10.64539/sjer.v1i4.2025.349

Keywords:

CNN, Adversarial attacks, Anti-noise predictor, Machine learning security, Image classification, Adversarial detection

Abstract

This work explores the vulnerability of Convolutional Neural Networks (CNNs) to adversarial attacks, focusing in particular on the Fast Gradient Sign Method (FGSM). Adversarial attacks, which subtly perturb input images to deceive machine learning models, pose significant threats to the security and reliability of CNN-based systems. The research introduces an enhanced methodology for identifying and mitigating these adversarial threats by incorporating an anti-noise predictor that separates the adversarial noise from the underlying image, thereby improving detection accuracy. The proposed method was evaluated against multiple adversarial attack strategies on the MNIST dataset and demonstrated superior detection performance compared to existing techniques. Additionally, the study integrates Fourier domain-based noise accommodation to enhance robustness against attacks. The findings contribute to the development of more resilient CNN models capable of countering adversarial manipulations, and emphasize the importance of continuous adaptation and multi-layered defense strategies in securing machine learning systems.


Published

2025-12-09

How to Cite

Nisar, M., Fayyaz, N., Ahmed, M. A., Shams, M. U., & Fareed, B. (2025). Incremental Development of a Framework for Mitigating Adversarial Attacks on CNN Models. Scientific Journal of Engineering Research, 1(4), 250–259. https://doi.org/10.64539/sjer.v1i4.2025.349

Section

Articles
