attack learning the distributions of adversarial examples
play

ATTACK: Learning the Distributions of Adversarial Examples for an - PowerPoint PPT Presentation

Jan 29, 2023 •323 likes •440 views

ATTACK: Learning the Distributions of Adversarial Examples for an Improved Black-Box Attack on Deep Neural Networks Yandong Li* 1 Lijun Li* 1 Liqiang Wang 1 Tong Zhang 2 Boqing Gong 3 *Equal Contribution 1 University of Central Florida 2 Hong

  1. ATTACK: Learning the Distributions of Adversarial Examples for an Improved Black-Box Attack on Deep Neural Networks Yandong Li* 1 Lijun Li* 1 Liqiang Wang 1 Tong Zhang 2 Boqing Gong 3 *Equal Contribution 1 University of Central Florida 2 Hong Kong University of Science and Technology 3 Google

  2. Adversarial Examples Adversarial Noise + 𝜀 𝑦 ′ 𝑦 90% book jacker 82% puma

  3. Popular: Gradient-Based Adversarial Attack Gradient of classifier output according to 𝑦 . White-box: Black-box: ➢ FGS (Goodfellow et al. 2014) ➢ ZOO (Chen et al. 2017) ➢ BPDA (Athalye et al., 2018). ➢ Query-Limited (Ilyas et al. 2018) ➢ PGD (Madry et al., 2018) ➢ … ➢ …

  4. One? Adversarial Perturbation (F (For an an In Input) Bad local optimum, non-smooth optimization, curse of dimensionality, etc.

  5. ATTACK Learn the distributions of adversarial examples

  6. ATTACK Learn the distributions of adversarial examples Smoothes the optimization Higher attack success rate Reduce the “attack dimension” Less queries into the network Characterizes the risk of the input example New defense methods

  7. ATTACK Learn the distributions of adversarial examples

  8. ATTACK ➢ How to define the distributions of adversarial examples? ➢ Optimization : how to maximize the objective function. Poster session: Wed Jun 12th 06:30 -- 09:00 PM @ Pacific Ballroom #69

  9. Experiments (Comparison with BPDA) 100 90 80 70 CIFAR10: ADV-TRAIN, ADV-BNN, 60 THERM-ADV, CAS-ADV, ADV-GAN, LID, 50 40 THERM, SAP, VANILLA WRESNET-32 30 20 10 IMAGENET: GUIDED DENOISER, 0 RANDOMIZATION, INPUT-TRANS, PIXEL DEFLECTION, VANILLA INCEPTION V3 BPDA NATTACK ➢ ATTACK: 100% success rate on six out of the 13 defenses and more than 90% on five of the rest . ➢ Competitive with white-box attack: BPDA (Athalye et al., 2018).

  10. Experiments (Comparison with Black-box Approaches) 100 90 80 CIFAR10: ADV-TRAIN, THERM- 70 60 ADV, CAS-ADV, ADV-GAN, LID, 50 THERM, SAP, VANILLA WRESNET- 40 30 32 20 10 IMAGENET: RANDOMIZATION, 0 INPUT-TRANS, VANILLA INCEPTION V3 ZOO QL NATTACK ➢ The black-box baselines hinges on the quality of the estimated gradient. ➢ Fail to attack Non-smooth DNNs.

  11. ATTACK In a nutshell, ➢ Is a powerful black-box attack, >= white-box attack. ➢ Is universal : fooled different defenses by a single algorithm . ➢ Characterize the distributions of adversarial examples. ➢ Reduce the “attack dimension” Poster session: Wed Jun 12th 06:30 -- 09:00 PM @ Pacific Ballroom #69

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

by learning the Distributions of Adversarial Examples Boqing Gong Joint work with Yandong Li,

by learning the Distributions of Adversarial Examples Boqing Gong Joint work with Yandong Li,

by learning the Distributions of Adversarial Examples Boqing Gong Joint work with Yandong Li, Lijun Li, Liqiang Wang, & Tong Zhang Published in ICML 2019 Intriguing properties of deep neural networks (DNNs) Szegedy, C., Zaremba, W.,

750 views • 43 slides
Overview What is Adversarial Attack? Why should we care? How does it work? Real

Overview What is Adversarial Attack? Why should we care? How does it work? Real

Adversarial Attacks on Phishing Detection Ryan Chang Overview What is Adversarial Attack? Why should we care? How does it work? Real World Demo on Phishing Detection Model How to defend? Adversarial Examples on

610 views • 26 slides
Physical Adversarial Examples Alex Kurakin Ian Goodfellow Output STOP Machine Learning

Physical Adversarial Examples Alex Kurakin Ian Goodfellow Output STOP Machine Learning

Physical Adversarial Examples Alex Kurakin Ian Goodfellow Output STOP Machine Learning Training Examples Hidden units / BICYCLE features CAR PEDESTRIA N Parameters Input ImageNet (Russakovsky et al 2015) Adversarial Examples: Images

369 views • 19 slides
Vulnerability of machine learning models to adversarial examples Petra Vidnerov Institute of

Vulnerability of machine learning models to adversarial examples Petra Vidnerov Institute of

Vulnerability of machine learning models to adversarial examples Petra Vidnerov Institute of Computer Science The Czech Academy of Sciences Hora Informaticae 2016 Outline Introduction Works on adversarial examples Our work Genetic

855 views • 46 slides
Adversarial Examples Hanxiao Liu April 2, 2018 1 / 22 Adversarial Examples Inputs to ML

Adversarial Examples Hanxiao Liu April 2, 2018 1 / 22 Adversarial Examples Inputs to ML

Adversarial Examples Hanxiao Liu April 2, 2018 1 / 22 Adversarial Examples Inputs to ML models that an attacker has intentionally designed to cause the model to make a mistake 1 Why this is interesting: Safety. Interpretability.

881 views • 22 slides
Deep Adversarial Learning for NLP 9:00 10:30 Introduction and Adversarial Training, GANs

Deep Adversarial Learning for NLP 9:00 10:30 Introduction and Adversarial Training, GANs

Deep Adversarial Learning for NLP 9:00 10:30 Introduction and Adversarial Training, GANs William Wang 10:30 11:00 Break - 11:00 12:15 Adversarial Examples Sameer Singh 12:15 12:30 Conclusions and Question Answering William

1.75k views • 105 slides
CSC321 Lecture 22: Adversarial Learning Roger Grosse Roger Grosse CSC321 Lecture 22: Adversarial

CSC321 Lecture 22: Adversarial Learning Roger Grosse Roger Grosse CSC321 Lecture 22: Adversarial

CSC321 Lecture 22: Adversarial Learning Roger Grosse Roger Grosse CSC321 Lecture 22: Adversarial Learning 1 / 26 Overview Two topics for today: Adversarial examples: examples carefully crafted to cause an undesirable behavior (e.g.

412 views • 26 slides
Adversarial Examples and Adversarial Training Innova&ve Technology Leader program January 22

Adversarial Examples and Adversarial Training Innova&ve Technology Leader program January 22

Adversarial Examples and Adversarial Training Innova&ve Technology Leader program January 22 nd 2018 Florian Tramr Stanford Deep Learning is Super Smart! 2 Is it really? + . 007 = Im sure this Im certain this is a panda is

452 views • 12 slides
Adversarial camera stickers: A physical camera-based attack on deep learning systems Juncheng B.

Adversarial camera stickers: A physical camera-based attack on deep learning systems Juncheng B.

Adversarial camera stickers: A physical camera-based attack on deep learning systems Adversarial camera stickers: A physical camera-based attack on deep learning systems Juncheng B. Li, Frank R. Schmidt, J. Zico Kolter Bosch Center for

375 views • 15 slides
Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google

Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google

Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google Brain CS 231n, Stanford University, 2017-05-30 Overview What are adversarial examples? Why do they happen? How can they be used to

866 views • 43 slides
The case for dynamic defenses against adversarial examples Ian Goodfellow SafeML ICLR Workshop

The case for dynamic defenses against adversarial examples Ian Goodfellow SafeML ICLR Workshop

The case for dynamic defenses against adversarial examples Ian Goodfellow SafeML ICLR Workshop 2019-05-06 New Orleans Based on https://arxiv.org/pdf/1903.06293.pdf Definition Adversarial examples are inputs to machine learning models that

411 views • 22 slides
A Closer Look at Adversarial Examples for Separated Data Kamalika Chaudhuri University of

A Closer Look at Adversarial Examples for Separated Data Kamalika Chaudhuri University of

A Closer Look at Adversarial Examples for Separated Data Kamalika Chaudhuri University of California, San Diego Adversarial Examples Gibbon Panda Small perturbation to legitimate inputs causing misclassification Adversarial Examples Can

1.41k views • 42 slides
Attack on Traffic Systems These attack examples have happened in the past. We will take an

Attack on Traffic Systems These attack examples have happened in the past. We will take an

From start to finish how a cyber attack would be performed on traffic system, we will go over first day >> exploitation of the device >> the real-world aftermath. Mission Secure, Inc. Attack on Traffic Systems These attack examples

556 views • 18 slides
Towards Attack-Agnostic Defense for 2D and 3D Recognition Hao Su Workshop on Adversarial Machine

Towards Attack-Agnostic Defense for 2D and 3D Recognition Hao Su Workshop on Adversarial Machine

Towards Attack-Agnostic Defense for 2D and 3D Recognition Hao Su Workshop on Adversarial Machine Learning in Real-World Computer Vision Systems Long Beach, CA, USA 1 Outline Background and Motivation Project-based Defense Mechanism

760 views • 72 slides
Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin

Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin

Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin Kwok Adversarial examples Adversarial examples Imperceptible perturbations to an input can change a neural network's prediction adversarial

1.06k views • 23 slides
Thermometer Encoding: One Hot Way to Resist Adversarial Examples Stanford, 2017-11-16 Aurko Roy*

Thermometer Encoding: One Hot Way to Resist Adversarial Examples Stanford, 2017-11-16 Aurko Roy*

Thermometer Encoding: One Hot Way to Resist Adversarial Examples Stanford, 2017-11-16 Aurko Roy* Colin Ra ff el Jacob Ian Buckman* Goodfellow *joint first author Adversarial Examples Adversarial Definitely Probably panda perturbation

607 views • 15 slides
The Aspect-Oriented Design of the ++ Parser Framework Puma C/C Matthias Urban Daniel Lohmann

The Aspect-Oriented Design of the ++ Parser Framework Puma C/C Matthias Urban Daniel Lohmann

The Aspect-Oriented Design of the ++ Parser Framework Puma C/C Matthias Urban Daniel Lohmann Olaf Spinczyk pure systems GmbH Friedrich-Alexander University Technical University Magdeburg Erlangen-Nuremberg Dortmund 9th International

595 views • 56 slides
Introduction to Robotics Jianwei Zhang zhang@informatik.uni-hamburg.de Universit at Hamburg

Introduction to Robotics Jianwei Zhang zhang@informatik.uni-hamburg.de Universit at Hamburg

MIN-Fakult at Department Informatik Universit at Hamburg - Introduction to Robotics Introduction to Robotics Jianwei Zhang zhang@informatik.uni-hamburg.de Universit at Hamburg Fakult at f ur Mathematik, Informatik und

511 views • 19 slides
Taking the PUMA E P&L to the next level Stefan Seidel Teamhead PUMA.Safe Ecology

Taking the PUMA E P&L to the next level Stefan Seidel Teamhead PUMA.Safe Ecology

Taking the PUMA E P&L to the next level Stefan Seidel Teamhead PUMA.Safe Ecology Sustainable Innovation 2012 October 30th 2012 PUMA PUMA PUMA is the leading Sportlifestyle company with products which start in Sport and end in

324 views • 14 slides
PUMA : Exotic Nuclei & Antiprotons Alexandre Obertelli TU Darmstadt Bormio Winter Meeting on

PUMA : Exotic Nuclei & Antiprotons Alexandre Obertelli TU Darmstadt Bormio Winter Meeting on

PUMA : Exotic Nuclei & Antiprotons Alexandre Obertelli TU Darmstadt Bormio Winter Meeting on Nuclear Physics January 23 rd , 2018 03.10.2017 | Fachbereich BBBBB | Institut AAAA | Prof. TTTTTT | 23.01.2018 l PUMA | A.

368 views • 20 slides
Big Data Architectures@ Facebook QCon London 2012 Ashish Thusoo Thursday, March 8, 12 Outline

Big Data Architectures@ Facebook QCon London 2012 Ashish Thusoo Thursday, March 8, 12 Outline

Big Data Architectures@ Facebook QCon London 2012 Ashish Thusoo Thursday, March 8, 12 Outline Big Data @ Facebook - Scope & Scale Evolution of Big Data Architectures @ FB Past, Present and Future Questions Thursday, March

572 views • 54 slides
On Stability theory for C 0 -Semigroups and applications Francis Flix Crdova Puma

On Stability theory for C 0 -Semigroups and applications Francis Flix Crdova Puma

C 0 -Semigroup Stability Theory Applications Stabilization Results - Ideas of demonstrations On Stability theory for C 0 -Semigroups and applications Francis Flix Crdova Puma Departamento de Cincias Exatas e Educao / UFSC 23 06

1.01k views • 83 slides
Formal Methods for Interactive Systems Part 8 Cognitive Architectures Antonio Cerone

Formal Methods for Interactive Systems Part 8 Cognitive Architectures Antonio Cerone

Formal Methods for Interactive Systems Part 8 Cognitive Architectures Antonio Cerone United Nations University International Institute for Software Technology Macau SAR China email: antonio@iist.unu.edu web: www.iist.unu.edu A. Cerone,

1.42k views • 137 slides
A Generic Framework for Interprocedural Analysis of Numerical Properties + Markus Mller-Olm

A Generic Framework for Interprocedural Analysis of Numerical Properties + Markus Mller-Olm

A Generic Framework for Interprocedural Analysis of Numerical Properties + Markus Mller-Olm Helmut Seidl + Mnster Mnchen PUMA Ringvorlesung, 2009 1 Outline: Background The framework for affine relations Grangers

1.53k views • 113 slides

More recommend