{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,9]],"date-time":"2026-03-09T11:01:55Z","timestamp":1773054115433,"version":"3.50.1"},"reference-count":34,"publisher":"MDPI AG","issue":"18","license":[{"start":{"date-parts":[[2022,9,13]],"date-time":"2022-09-13T00:00:00Z","timestamp":1663027200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100000780","name":"European Commission","doi-asserted-by":"publisher","award":["956573"],"award-info":[{"award-number":["956573"]}],"id":[{"id":"10.13039\/501100000780","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100000780","name":"European Commission","doi-asserted-by":"publisher","award":["957296"],"award-info":[{"award-number":["957296"]}],"id":[{"id":"10.13039\/501100000780","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>Adversarial machine learning (AML) is a class of data manipulation techniques that cause alterations in the behavior of artificial intelligence (AI) systems while going unnoticed by humans. These alterations can cause serious vulnerabilities to mission-critical AI-enabled applications. This work introduces an AI architecture augmented with adversarial examples and defense algorithms to safeguard, secure, and make AI systems more reliable. This is achieved by robustifying deep neural network (DNN) classifiers and explicitly focusing on the specific case of convolutional neural networks (CNNs) used in non-trivial manufacturing environments prone to noise, vibrations, and errors when capturing and transferring data. The proposed architecture enables the imitation of the interplay between the attacker and a defender based on the deployment and cross-evaluation of adversarial and defense strategies. The AI architecture enables (i) the creation and usage of adversarial examples in the training process, which improve the robustness of CNNs, (ii) the evaluation of defense algorithms to recover the classifiers\u2019 accuracy, and (iii) the provision of a multiclass discriminator to distinguish and report on non-attacked and attacked data. The experimental results are promising for a hybrid solution that combines the defense algorithms and the multiclass discriminator in an effort to revitalize the attacked base models and robustify the DNN classifiers. The proposed architecture is validated in the context of a real manufacturing environment utilizing datasets stemming from the actual production lines.<\/jats:p>","DOI":"10.3390\/s22186905","type":"journal-article","created":{"date-parts":[[2022,9,13]],"date-time":"2022-09-13T22:37:28Z","timestamp":1663108648000},"page":"6905","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":11,"title":["Towards Robustifying Image Classifiers against the Perils of Adversarial Attacks on Artificial Intelligence Systems"],"prefix":"10.3390","volume":"22","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9766-9338","authenticated-orcid":false,"given":"Theodora","family":"Anastasiou","sequence":"first","affiliation":[{"name":"UBITECH Ltd., Thessalias 8 and Etolias 10, GR-15231 Chalandri, Greece"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1099-8463","authenticated-orcid":false,"given":"Sophia","family":"Karagiorgou","sequence":"additional","affiliation":[{"name":"UBITECH Ltd., Thessalias 8 and Etolias 10, GR-15231 Chalandri, Greece"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Petros","family":"Petrou","sequence":"additional","affiliation":[{"name":"UBITECH Ltd., Thessalias 8 and Etolias 10, GR-15231 Chalandri, Greece"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9471-5415","authenticated-orcid":false,"given":"Dimitrios","family":"Papamartzivanos","sequence":"additional","affiliation":[{"name":"UBITECH Ltd., Thessalias 8 and Etolias 10, GR-15231 Chalandri, Greece"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0663-2263","authenticated-orcid":false,"given":"Thanassis","family":"Giannetsos","sequence":"additional","affiliation":[{"name":"UBITECH Ltd., Thessalias 8 and Etolias 10, GR-15231 Chalandri, Greece"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Georgia","family":"Tsirigotaki","sequence":"additional","affiliation":[{"name":"Hellenic Army Information Technology Support Center, 227-231, Mesogeion Ave., GR-15451 Holargos, Greece"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jelle","family":"Keizer","sequence":"additional","affiliation":[{"name":"Philips, Oliemolenstraat 5, 9203 ZN Drachten, The Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2022,9,13]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"He, K., Zhang, X., Ren, S., and Sun, J. (2016, January 27\u201330). Deep residual learning for image recognition. Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, Las Vegas, NV, USA.","DOI":"10.1109\/CVPR.2016.90"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Wei, X., Liang, S., Chen, N., and Cao, X. (2019, January 10\u201316). Transferable Adversarial Attacks for Image and Video Object Detection. Proceedings of the Twenty-Eighth International Joint Conference on Artificial Intelligence, IJCAI-19, Macao, China.","DOI":"10.24963\/ijcai.2019\/134"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"136","DOI":"10.1016\/j.patcog.2017.03.020","article-title":"Adaptive hash retrieval with kernel based similarity","volume":"75","author":"Bai","year":"2018","journal-title":"Pattern Recognit."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Gota, D.I., Puscasiu, A., Fanca, A., Valean, H., and Miclea, L. (2020, January 27\u201329). Threat objects detection in airport using machine learning. Proceedings of the 2020 21st International Carpathian Control Conference (ICCC), Kosice, Slovakia.","DOI":"10.1109\/ICCC49264.2020.9257293"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"61","DOI":"10.1109\/OJITS.2022.3142612","article-title":"Countering adversarial attacks on autonomous vehicles using denoising techniques: A Review","volume":"3","author":"Kloukiniotis","year":"2022","journal-title":"IEEE Open J. Intell. Transp. Syst."},{"key":"ref_6","unstructured":"Tencent Keen Security Lab (2019). Experimental Security Research of Tesla Autopilot, Tencent Keen Security Lab."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"1287","DOI":"10.1126\/science.aaw4399","article-title":"Adversarial attacks on medical machine learning","volume":"363","author":"Finlayson","year":"2019","journal-title":"Science"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"107332","DOI":"10.1016\/j.patcog.2020.107332","article-title":"Understanding adversarial attacks on deep learning based medical image analysis systems","volume":"110","author":"Ma","year":"2021","journal-title":"Pattern Recognit."},{"key":"ref_9","unstructured":"Zhang, F., Leitner, J., Milford, M., Upcroft, B., and Corke, P. (2015). Towards vision-based deep reinforcement learning for robotic motion control. arXiv."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Veliou, E., Papamartzivanos, D., Menesidou, S.A., Gouvas, P., and Giannetsos, T. (2021). Artificial Intelligence and Secure Manufacturing: Filling Gaps in Making Industrial Environments Safer, Now Publishers.","DOI":"10.1561\/9781680838770.ch2"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Dolgui, A., Bernard, A., Lemoine, D., von Cieminski, G., and Romero, D. (2021). STARdom: An Architecture for Trusted and Secure Human-Centered Manufacturing Systems. Advances in Production Management Systems. Artificial Intelligence for Sustainable and Resilient Production Systems, Springer International Publishing.","DOI":"10.1007\/978-3-030-85906-0"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"3849","DOI":"10.1007\/s10462-020-09942-2","article-title":"Artificial intelligence, cyber-threats and Industry 4.0: Challenges and opportunities","volume":"54","author":"Gama","year":"2021","journal-title":"Artif. Intell. Rev."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Eykholt, K., Evtimov, I., Fernandes, E., Li, B., Rahmati, A., Xiao, C., Prakash, A., Kohno, T., and Song, D. (2018, January 18\u201323). Robust physical-world attacks on deep learning visual classification. Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, Salt Lake City, UT, USA.","DOI":"10.1109\/CVPR.2018.00175"},{"key":"ref_14","unstructured":"(2022, August 08). MITRE ATLAS: Adversarial Threat Landscape for Artificial-Intelligence Systems. Available online: https:\/\/atlas.mitre.org\/."},{"key":"ref_15","unstructured":"(2022, July 31). Adversarial Robustness Toolbox: A Python Library for Machine Learning Security. Available online: https:\/\/adversarial-robustness-toolbox.readthedocs.io\/en\/latest\/."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"14410","DOI":"10.1109\/ACCESS.2018.2807385","article-title":"Threat of adversarial attacks on deep learning in computer vision: A survey","volume":"6","author":"Akhtar","year":"2018","journal-title":"IEEE Access"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"155161","DOI":"10.1109\/ACCESS.2021.3127960","article-title":"Advances in adversarial attacks and defenses in computer vision: A survey","volume":"9","author":"Akhtar","year":"2021","journal-title":"IEEE Access"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Yan, H., Zhang, J., Feng, J., Sugiyama, M., and Tan, V.Y. (2022). Towards Adversarially Robust Deep Image Denoising. arXiv.","DOI":"10.24963\/ijcai.2022\/211"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Pawlicki, M., and Chora\u015b, R.S. (2021). Preprocessing Pipelines including Block-Matching Convolutional Neural Network for Image Denoising to Robustify Deep Reidentification against Evasion Attacks. Entropy, 23.","DOI":"10.3390\/e23101304"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Marchisio, A., Pira, G., Martina, M., Masera, G., and Shafique, M. (2021, January 23\u201327). R-snn: An analysis and design methodology for robustifying spiking neural networks against adversarial attacks through noise filters for dynamic vision sensors. Proceedings of the 2021 IEEE\/RSJ International Conference on Intelligent Robots and Systems (IROS), Prague, Czech Republic.","DOI":"10.1109\/IROS51168.2021.9636718"},{"key":"ref_21","unstructured":"Liu, Z., Zhang, J., Jog, V., Loh, P.L., and McMillan, A.B. (2019). Robustifying deep networks for image segmentation. arXiv."},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Afzal-Houshmand, S., Homayoun, S., and Giannetsos, T. (2021, January 7\u201310). A Perfect Match: Deep Learning Towards Enhanced Data Trustworthiness in Crowd-Sensing Systems. Proceedings of the 2021 IEEE International Mediterranean Conference on Communications and Networking (MeditCom), Athens, Greece.","DOI":"10.1109\/MeditCom49071.2021.9647554"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"102141","DOI":"10.1016\/j.media.2021.102141","article-title":"Adversarial attack vulnerability of medical image analysis systems: Unexplored factors","volume":"73","author":"Bortsova","year":"2021","journal-title":"Med. Image Anal."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"22077","DOI":"10.1007\/s11042-020-10379-6","article-title":"CNN adversarial attack mitigation using perturbed samples training","volume":"80","author":"Hashemi","year":"2021","journal-title":"Multim. Tools Appl."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"e1511","DOI":"10.1002\/wics.1511","article-title":"Adversarial machine learning for cybersecurity and computer vision: Current developments and challenges","volume":"12","author":"Xi","year":"2020","journal-title":"Wiley Interdiscip. Rev. Comput. Stat."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Dong, Y., Fu, Q.A., Yang, X., Pang, T., Su, H., Xiao, Z., and Zhu, J. (2020, January 14\u201319). Benchmarking adversarial robustness on image classification. Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, Seattle, WA, USA.","DOI":"10.1109\/CVPR42600.2020.00040"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Kyrkou, C., Papachristodoulou, A., Kloukiniotis, A., Papandreou, A., Lalos, A., Moustakas, K., and Theocharides, T. (2020, January 6\u20138). Towards artificial-intelligence-based cybersecurity for robustifying automated driving systems against camera sensor attacks. Proceedings of the 2020 IEEE Computer Society Annual Symposium on VLSI (ISVLSI), Limassol, Cyprus.","DOI":"10.1109\/ISVLSI49217.2020.00-11"},{"key":"ref_28","unstructured":"(2022, August 08). MITRE ATLAS, Evade ML Model. Available online: https:\/\/atlas.mitre.org\/techniques\/AML.T0015\/."},{"key":"ref_29","unstructured":"(2022, August 08). MITRE ATLAS, ML Attack Staging. Available online: https:\/\/atlas.mitre.org\/tactics\/AML.TA0001\/."},{"key":"ref_30","unstructured":"(2022, July 31). Keras Preprocessing: Easy Data Preprocessing and Data Augmentation for Deep Learning Models. Available online: https:\/\/pypi.org\/project\/Keras-Preprocessing\/."},{"key":"ref_31","unstructured":"McConnell, R.K. (1986). Method of and Apparatus for Pattern Recognition. (4,567,610), U.S. Patent."},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"62","DOI":"10.1109\/TSMC.1979.4310076","article-title":"A threshold selection method from gray-level histograms","volume":"9","author":"Otsu","year":"1979","journal-title":"IEEE Trans. Syst. Man. Cybern."},{"key":"ref_33","unstructured":"(2022, September 06). Keras: An Open-Source Software Library that Provides a Python Interface for Artificial Neural Networks. Available online: https:\/\/keras.io\/."},{"key":"ref_34","unstructured":"(2022, September 06). Jupyter Notebook: Web Application for Creating and Sharing Computational Documents. Available online: https:\/\/jupyter.org\/."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/22\/18\/6905\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T00:30:23Z","timestamp":1760142623000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/22\/18\/6905"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,9,13]]},"references-count":34,"journal-issue":{"issue":"18","published-online":{"date-parts":[[2022,9]]}},"alternative-id":["s22186905"],"URL":"https:\/\/doi.org\/10.3390\/s22186905","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,9,13]]}}}