Deep Fusion: Crafting Transferable Adversarial Examples and Improving Robustness of Industrial Artificial Intelligence of Things

Industry 5.0 is aimed at merging the cognitive computing capabilities of deep neural networks (DNNs) with human resourcefulness in collaborative operations. DNNs have been widely used in Industrial Artificial Intelligence of Things (Industrial AIoT) systems. However, DNNs are vulnerable to adversarial attacks, which bring a considerable risk to Industrial AIoT systems. The adversary uses adversarial examples crafted on the local ensemble model to attack black-box target of Industrial AIoT systems, resulting in catastrophic consequences. It is essential to study ensemble adversarial attack and defense strategies in black-box scenarios. Nevertheless, current ensemble attacks' performance is limited by the diversity of local models and ensemble strategies, and defensive strategies are inefficient. To solve these problems, we propose two novel deep fusion methods from both an attacker's and a defender's perspective. For initiating attacks, we propose deep fusion attack. The erosion models are applied to compensate for local models' insufficiency in diversity. We fuse erosion models in the output space, and the feature space simultaneously and continuously accumulate historical gradients to retain adversarial information, thereby improving transferability. Extensive experimental results show that our approach achieves superior performance in black-box attacks, and the average success rate of our attack reaches a compelling 87.4%. For constructing defenses, we propose deep fusion defense, using a fusion of multiple predictions with erosion models as a novel approach. We successfully increase the model's robustness by more than 90% on the ImageNet dataset.