cvpr 2020 universal adversarial attacks
play

CVPR 2020 Universal Adversarial Attacks Image agnostic and - PowerPoint PPT Presentation

Oct 11, 2022 •513 likes •592 views

1 1,4 2,3 2 3 4 1 CVPR 2020 Universal Adversarial Attacks Image agnostic and transferable across networks Adversarial No defense: Baseline DNN perturbation Input image Classification Feature extraction dense Perturbed image

  1. 1 1,4 2,3 2 3 4 1 CVPR 2020

  2. Universal Adversarial Attacks • Image agnostic and transferable across networks Adversarial No defense: Baseline DNN perturbation Input image Classification Feature extraction dense Perturbed image dense Conv-3 feature Conv-2 feature Predicted Conv-1 feature RGB image maps maps labels maps Baseline Baseline DNN DNN Vulture 33% Bald eagle 99%

  3. Defending against Universal Adversarial Attacks • Selective feature regeneration effectively restores robustness Adversarial Proposed defense: Baseline DNN with resilient feature regeneration perturbation Input image Ranked most susceptible features Regenerated features Feature Feature Regeneration Regeneration Unit Unit Perturbed Feature image Feature concat concat Ranked least susceptible features Frozen parameters from baseline DNN Proposed Baseline Proposed Baseline Defense Defense DNN DNN Bald eagle 99% Bald eagle 99%

  4. Ranking CNN Filters Based on Noise Susceptibility Suppressing perturbations in ranked Sample Baseline DNN filters’ output maps Classification Feature extraction Percentage of suppressed maps in conv-1 dense dense Predicted Feature map labels Conv. filter with weights We show: • Max perturbation level -norm of the filter weight ( ) induced in feature map

  5. Robustness to Unseen Universal Adversarial Attacks • Defense trained on only UAP noise samples UAP NAG GAP sPGD Perturbed feature map Clean image Clean map Regenerated resilient feature map

  6. Defending Against Universal Attacks Through Selective Feature Regeneration Robustness to image-agnostic noise: Robustness to unseen universal attacks: NAG GAP sPGD Adversarial Input image perturbation Perturbed image Adversarial Perturbed noise image PD: croquet ball 77% FD: croquet ball 10% HGD: mixing bowl 30% Predictions Ours : ice cream 50% Ours : ice cream 83% Ours : ice cream 66% Summary: Proposed Baseline Proposed Baseline • Novel - norm measure identifies and ranks adversarially susceptible feature maps Defense Defense DNN DNN • Selective regeneration of only the most vulnerable feature maps restores robustness Bald eagle 99% Bald eagle 99% Code: https://github.com/tsborkar/Selective-feature-regeneration

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Stronger and Faster Wasserstein Adversarial Attacks Kaiwen Wu kaiwen.wu@uwaterloo.ca Joint work

Stronger and Faster Wasserstein Adversarial Attacks Kaiwen Wu kaiwen.wu@uwaterloo.ca Joint work

Stronger and Faster Wasserstein Adversarial Attacks Kaiwen Wu kaiwen.wu@uwaterloo.ca Joint work with Allen Wang and Yaoliang Yu K.Wu, A.Wang and Y.Yu Wasserstein Adversarial Attacks July 29, 2020 1 / 18 Adversarial Examples Adversarial

1.04k views • 38 slides
Adversarial Training Attacks on Deep Networks and Generative Adversarial Networks Erkut Erdem

Adversarial Training Attacks on Deep Networks and Generative Adversarial Networks Erkut Erdem

images from Geris Game (Pixar, 1997) Adversarial Training Attacks on Deep Networks and Generative Adversarial Networks Erkut Erdem Aykut Erdem Levent Karacan Computer Vision Lab, Hacettepe University Outline Part 1: Attacks on

1.11k views • 72 slides
On Adaptive Attacks to Adversarial Example Defenses Florian Tramr USENIX ScAINet August 10 th

On Adaptive Attacks to Adversarial Example Defenses Florian Tramr USENIX ScAINet August 10 th

On Adaptive Attacks to Adversarial Example Defenses Florian Tramr USENIX ScAINet August 10 th , 2020 Joint work with Nicholas Carlini, Wieland Brendel and Aleksander Madry What Are Adversarial Examples? 88% Tabby Cat 99% Guacamole Biggio

360 views • 21 slides
Friendly Adversarial Training: Attacks Which Do Not Kill Training Make Adversarial Learning

Friendly Adversarial Training: Attacks Which Do Not Kill Training Make Adversarial Learning

Friendly Adversarial Training: Attacks Which Do Not Kill Training Make Adversarial Learning Stronger Jingfeng Zhang 1 * , Xilie Xu 2* , Bo Han 34 , Gang Niu 4 , Lichen Cui 5 , Masashi Sugiyama 46 , and Mohan Kankanhalli 1 1 Department of Computer

376 views • 14 slides
Adversarial Attacks on Probabilistic Autoregressive Forecasting Models 2 (i) Probabilistic

Adversarial Attacks on Probabilistic Autoregressive Forecasting Models 2 (i) Probabilistic

ICML 2020 Raphal Dang-Nhu Gagandeep Singh Pavol Bielik Martin Vechev Department of Computer Science, ETH Zrich dangnhur@ethz.ch 1 Adversarial Attacks on Probabilistic Autoregressive Forecasting Models 2 (i) Probabilistic forecasting

765 views • 45 slides
Confidence-Calibrated Adversarial Training Generalizing to Unseen Attacks David Stutz, Matthias

Confidence-Calibrated Adversarial Training Generalizing to Unseen Attacks David Stutz, Matthias

Confidence-Calibrated Adversarial Training Generalizing to Unseen Attacks David Stutz, Matthias Hein, Bernt Schiele 2-Minute Overview Problem: Robustness to various adversarial examples. Adversarial training on L adversarial examples:

635 views • 34 slides
Learning Universal Adversarial Perturbations with Generative Models Jamie Hayes & George

Learning Universal Adversarial Perturbations with Generative Models Jamie Hayes & George

Learning Universal Adversarial Perturbations with Generative Models Jamie Hayes & George Danezis UCL Adversarial examples transfer between different models. An adversarial example crafted against one model will generally fool other models.

515 views • 18 slides
Attacks Meet Interpretability: Attribute-steered Detection of Adversarial Samples Guanhong Tao ,

Attacks Meet Interpretability: Attribute-steered Detection of Adversarial Samples Guanhong Tao ,

Attacks Meet Interpretability: Attribute-steered Detection of Adversarial Samples Guanhong Tao , Shiqing Ma, Yingqi Liu, Xiangyu Zhang Understanding Adversarial Samples Legitimate input Isla Fisher Model Pixel-wise Differences ( 50 times)

482 views • 34 slides
On Certifying Non-uniform Bounds against Adversarial Attacks Chen Liu , Ryota Tomioka ,

On Certifying Non-uniform Bounds against Adversarial Attacks Chen Liu , Ryota Tomioka ,

On Certifying Non-uniform Bounds against Adversarial Attacks Chen Liu , Ryota Tomioka , Volkan Cevher Ecole Polytechnique F ed erale de Lausanne Microsoft Research Cambridge June 11th, 2019 Liu et al. (EPFL)

557 views • 17 slides
15-780 Graduate Artificial Intelligence: Adversarial attacks and provable defenses J. Zico

15-780 Graduate Artificial Intelligence: Adversarial attacks and provable defenses J. Zico

15-780 Graduate Artificial Intelligence: Adversarial attacks and provable defenses J. Zico Kolter (this lecture) and Ariel Procaccia Carnegie Mellon University Spring 2018 Portions base upon joint work with Eric Wong 1 Outline Adverarial

710 views • 39 slides
Overview What is Adversarial Attack? Why should we care? How does it work? Real

Overview What is Adversarial Attack? Why should we care? How does it work? Real

Adversarial Attacks on Phishing Detection Ryan Chang Overview What is Adversarial Attack? Why should we care? How does it work? Real World Demo on Phishing Detection Model How to defend? Adversarial Examples on

610 views • 26 slides
Counteracting Adversarial Attacks in Autonomous Driving Qi Sun 1 , Arjun Ashok Rao 1 , Xufeng Yao

Counteracting Adversarial Attacks in Autonomous Driving Qi Sun 1 , Arjun Ashok Rao 1 , Xufeng Yao

Counteracting Adversarial Attacks in Autonomous Driving Qi Sun 1 , Arjun Ashok Rao 1 , Xufeng Yao 1 , Bei Yu 1 , Shiyan Hu 2 1 The Chinese University of Hong Kong 2 University of Southampton 1 / 21 Vision-Based Object Detection Classification

640 views • 29 slides
Adversary for Social Good: Protecting Familial Privacy through Joint Adversarial Attacks Chetan

Adversary for Social Good: Protecting Familial Privacy through Joint Adversarial Attacks Chetan

Adversary for Social Good: Protecting Familial Privacy through Joint Adversarial Attacks Chetan Kumar, Riazat Ryan, Ming Shao Department of Computer and Information Science, University of Massachusetts, Dartmouth Data Leakage: Limited time

294 views • 27 slides
3D Scene Understanding for Vision, Graphics, and Robocs CVPR 2020 Workshop, Virtual, June 15th,

3D Scene Understanding for Vision, Graphics, and Robocs CVPR 2020 Workshop, Virtual, June 15th,

5/25/2020 3D Scene Understanding at CVPR 2020 3D Scene Understanding for Vision, Graphics, and Robocs CVPR 2020 Workshop, Virtual, June 15th, 2020 Introducon Program Schedule Previous Workshop Invited Speakers Andreas Geiger

266 views • 3 slides
SimBA: Simple Black-box Adversarial Attacks Chuan Guo , Jacob R. Gardner, Yurong You, Andrew

SimBA: Simple Black-box Adversarial Attacks Chuan Guo , Jacob R. Gardner, Yurong You, Andrew

SimBA: Simple Black-box Adversarial Attacks Chuan Guo , Jacob R. Gardner, Yurong You, Andrew Gordon Wilson, Kilian Q. Weinberger June 12, 2019 <latexit

383 views • 11 slides
Towards Adversarial Phishing Detection T. K. Panum, K. Hageman, R. R. Hansen, J. M. Pedersen 13th

Towards Adversarial Phishing Detection T. K. Panum, K. Hageman, R. R. Hansen, J. M. Pedersen 13th

Towards Adversarial Phishing Detection T. K. Panum, K. Hageman, R. R. Hansen, J. M. Pedersen 13th USENIX Workshop on Cyber Security Experimentation and Test Long Paper (Position) August 10, 2020 Motivation Phishing Attacks Advances in

387 views • 14 slides
CS 466 Introduction to Bioinformatics Instructor: Wesley Wei Qian Probability and Statistics

CS 466 Introduction to Bioinformatics Instructor: Wesley Wei Qian Probability and Statistics

CS 466 Introduction to Bioinformatics Instructor: Wesley Wei Qian Probability and Statistics Random Variables and Expectations Random Variable Random Variable Probability distribution Joint distribution Marginal distribution Independent

708 views • 46 slides
MA162: Finite mathematics . Jack Schmidt University of Kentucky March 27th, 2013 Schedule: HW

MA162: Finite mathematics . Jack Schmidt University of Kentucky March 27th, 2013 Schedule: HW

. MA162: Finite mathematics . Jack Schmidt University of Kentucky March 27th, 2013 Schedule: HW 1.1-1.4, 2.1-2.6, 3.1-3.3, 4.1, 5.1-5.3 (Late) HW 6A due Friday, Mar 29, 2013 HW 6B-6C due Friday, Apr 5, 2013 Exam 3, Monday, Apr 8, 2013 HW

630 views • 33 slides
CMU 15-251 Game theory Teachers: Anil Ada Ariel Procaccia (this time) Normal-Form Game

CMU 15-251 Game theory Teachers: Anil Ada Ariel Procaccia (this time) Normal-Form Game

CMU 15-251 Game theory Teachers: Anil Ada Ariel Procaccia (this time) Normal-Form Game = {1, , } o o : o j ( 1 , ,

555 views • 27 slides
Presentation Version October 11, 2019 787-600 Weighted Expenditure Per Month -2156 The

Presentation Version October 11, 2019 787-600 Weighted Expenditure Per Month -2156 The

Presentation Version October 11, 2019 787-600 Weighted Expenditure Per Month -2156 The weighted average expenditure per month shows a 17% increase vs. 2018, or $64 more Eating & Monthly Expenditure Weighted Drinking Places number of

534 views • 9 slides
CMU 15-896 Noncooperative games 1: Basic concepts Teacher: Ariel Procaccia Normal-Form Game

CMU 15-896 Noncooperative games 1: Basic concepts Teacher: Ariel Procaccia Normal-Form Game

CMU 15-896 Noncooperative games 1: Basic concepts Teacher: Ariel Procaccia Normal-Form Game A game in normal form consists of: Set of players o Strategy set o For each , utility function : if o each plays the strategy

629 views • 24 slides
Welcome to YCL! We will meet [amount of time] hour(s) per week We will meet in [room]

Welcome to YCL! We will meet [amount of time] hour(s) per week We will meet in [room]

Welcome to YCL! We will meet [amount of time] hour(s) per week We will meet in [room] We will start at [time] every [day] We will attend a competition on Dec. 2 We will compete against 19 other teams! Introductions Name

411 views • 15 slides
Disclosures We have no conflicts of interest to disclose. Learning Objectives Calculate

Disclosures We have no conflicts of interest to disclose. Learning Objectives Calculate

9/23/2018 Pharmacy Calculations Commonly Used in Prescription Drug Preparation Joshua Hahn, PharmD; Lauren Zupsic, PharmD PGY1 Pharmacy Residents St. Lukes Boise Medical Center September 28 th , 2018 Disclosures We have no conflicts of

282 views • 15 slides
Lesson 2- I can multiply by 10 and 100 reasoning and problem solving Recap: Yesterdays

Lesson 2- I can multiply by 10 and 100 reasoning and problem solving Recap: Yesterdays

Lesson 2- I can multiply by 10 and 100 reasoning and problem solving Recap: Yesterdays lesson helped us recap how to multiply by 10 (move the decimal place once to the right) and to multiply by 100 (move the decimal place to the right

134 views • 9 slides

More recommend