All reviews of published articles are made public. This includes manuscript files, peer review comments, author rebuttals and revised materials. Note: This was optional for articles submitted before 13 February 2023.
Peer reviewers are encouraged (but not required) to provide their names to the authors when submitting their peer review. If they agree to provide their name, then their personal profile page will reflect a public acknowledgment that they performed a review (even if the article is rejected). If the article is accepted, then reviewers who provided their name will be associated with the article itself.
Dear Authors,
Your paper has been accepted for publication in PeerJ Computer Science. I recommend carefully proofreading your manuscript before publication for typos/punctuation issues.
[# PeerJ Staff Note - this decision was reviewed and approved by Jyotismita Chaki, a PeerJ Computer Science Section Editor covering this Section #]
[# PeerJ Staff Note: Although the Academic Editor is happy to accept your article as being scientifically sound, a final check of the manuscript shows that it would benefit from further English editing. Therefore, please identify necessary edits and address these while in proof stage. PeerJ can provide language editing services - please contact us at copyediting@peerj.com for pricing (be sure to provide your manuscript number and title). Alternatively, you may approach your own choice of editing service provider. #]
Dear authors,
Thank you for addressing my comments and improving your manuscript.
Regards,
no comment
no comment
Please carefully proofread your manuscript before publication for typos/punctuation issues.
Dear authors,
Your paper has been reviewed. It requires minor revisions before being accepted for publication in this journal. I recommend that you improve the description of the contribution of your study, as one of the reviewers considers the contribution of your research to be weak.
[# PeerJ Staff Note: It is PeerJ policy that additional references suggested during the peer-review process should only be included if the authors are in agreement that they are relevant and useful #]
[# PeerJ Staff Note: Please ensure that all review and editorial comments are addressed in a response letter and any edits or clarifications mentioned in the letter are also inserted into the revised manuscript where appropriate. #]
Reviewer’s Report on the manuscript entitled:
Image classification adversarial attack with improved resizing transformation and ensemble models
The authors proposed a resizing invariance method to achieve model augmentation and through experiments show that the black-box attack success rate is improved compared to other baseline methods. The method and results are interesting, and the manuscript is well-written. Please see below my comments for further improvement.
Line 91. The related work can be further improved. The following articles can also be discussed and included:
The residual networks (ResNet) showed a good performance accuracy for image classification applications in land cover classification:
https://doi.org/10.3390/s21238083
Line 197. There are some techniques such as “early stopping” suggested in the article above that can prevent overfitting issues and reduce the computational cost. Please also mention it here.
Compressive domain deep CNN for image classification:
https://doi.org/10.3390/app12146881
Line 284. Please do not start a sentence with a number. Say “One thousand” instead of “1000”.
Line 352. Please use a better title here. You may say “Statistical analysis”.
Line 382. Please also mention the limitations of your method.
Figure 1. Some texts are overlapping “Shetland sheepdog”. Just say “Sheepdog”.
Please add an acronym table listing all the abbreviations used in this work.
Thank you for your contribution.
Regards,
Figure 4. Caption. Please add more descriptions for the graphs. In (A) you said (Inv-v3) and in (B) you said ensemble model. Did you mean these performed better. Please add a couple sentences in the caption of Figure 4. Similarly, for Figures 5 and 6.
No comment
Adding a flowchart showing the workflow of your research would help the general readers to follow your work easier.
The authors proposed an input diversity strategy coupled with iterative attacks. The aim is to overcome overfitting and improve the transferability of adversarial examples across networks trained for image classification. The input diversity is achieved by a transformation function randomly resizing and padding an image. This transformation is also considered when an ensemble of models generates adversarial examples.
The documentation of the paper is poor. The paper has many grammatical errors that need to be corrected.There is no continuity of the sentences with respect to the mathematical equations.Equation 9 and Equation 10 have shown the optimization problems without the constraints on the perturbation size.
The adversarial examples generated using a single model and an ensemble model scheme are transferred among similar normally and adversarially trained models. The proposed augmentation strategy shows a higher success rate than other iterative attack strategies with other model/data augmentation. Further, the authors perform ablation experiments to study the impact of the transformation
probability (p) and resize scale. The value of the transformation probability is varied p ϵ [0,1]. The transformation probability has a minimal effect on the success attack rate except at p = 0 and p = 1. The success rate increases when the image size is increased or reduced from its original size of 299x299x3.
The findings seem impressive. The authors should validate empirically if the transformation strategy mentioned in the paper is indeed an invariant property of deep neural networks.
This input diversity strategy presented in this paper is similar to the DIM method by Xie et al. The authors should highlight how their methods differ from DIM.
no comment
no comment
The article has low level impact although it is so long.
These article can be modified to be a survey. it is very log without any need to this long. The contribution of the article is weak. I did may best to extract the new in this article.
My advice for authors is to remove the unnecessary of sentences in the introduction section and also remove unelated works in the related work section. So, the reference section will be shrinked.
All text and materials provided via this peer-review history page are made available under a Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.