Defense Against Adversarial Images using Web-Scale Nearest-Neighbor Search - PowerPoint PPT Presentation



SLIDE 1

Defense Against Adversarial Images using Web-Scale Nearest-Neighbor Search

Abhimanyu Dubey, Laurens van der Maaten, I. Zeki Yalniz, Yixuan Li and Dhruv Mahajan

SLIDE 2

Adversarial Images

Figure: a “swan” image plus an adversarial perturbation is classified as “pelican”.

SLIDE 3

Nearest-Neighbors Defense

  • Adversarial perturbations move the input away from the image “manifold”.
  • KNN Defense: project the image back onto the manifold.

Figure: clean image and adversarial image with their nearest neighbors; the manifold is approximated by tens of billions of images.

SLIDE 4

Nearest-Neighbors Defense

Figure: the adversarial input is looked up with KNN in a web-scale database; labels shown: “swan”, “pelican”.
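The defense on slides 3 and 4, as an added toy example that is not the paper's code: a constructed 2-D feature space in which real images lie on a line (the "manifold"), a hypothetical undefended linear classifier that a small off-manifold shift flips, and a KNN defense that votes over the nearest database entries (the inverse-distance vote is an assumption; the slides say only "KNN").

```python
"""Toy KNN defense in a constructed feature space (not the paper's code)."""
import numpy as np

# Constructed "image manifold": real images embed on the x1 axis (x2 == 0).
# Positive x1 means "swan", negative x1 means "pelican".
rng = np.random.default_rng(0)
T = rng.uniform(-2.0, 2.0, size=400)                # constructed sample
DB_FEATS = np.stack([T, np.zeros_like(T)], axis=1)  # shape (400, 2)
DB_LABELS = np.where(T > 0, "swan", "pelican")

# Hypothetical undefended classifier: linear boundary x1 + 3*x2 = 0.
# Correct everywhere on the manifold, but sensitive to the off-manifold x2 axis.
W = np.array([1.0, 3.0])


def undefended_predict(feat):
    return "swan" if float(W @ feat) > 0 else "pelican"


def knn_defense_predict(feat, db_feats=DB_FEATS, db_labels=DB_LABELS, k=5):
    """Project `feat` back onto the manifold approximated by `db_feats`:
    take its k nearest database neighbours and vote over their labels with
    inverse-distance weights (assumed rule; the slides state only 'KNN')."""
    dist = np.linalg.norm(db_feats - feat, axis=1)
    idx = np.argpartition(dist, k)[:k]          # indices of the k smallest distances
    weights = 1.0 / (dist[idx] + 1e-9)
    scores = {}
    for w, lbl in zip(weights, db_labels[idx]):
        scores[lbl] = scores.get(lbl, 0.0) + w
    return max(scores, key=scores.get)


def demo():
    """Clean 'swan' feature on the manifold, then a constructed off-manifold
    shift that crosses the undefended boundary. Returns the four predictions:
    (undefended clean, undefended shifted, KNN clean, KNN shifted)."""
    clean = np.array([0.5, 0.0])
    shifted = clean + np.array([0.0, -0.3])   # leaves the manifold, x1 unchanged
    return (undefended_predict(clean), undefended_predict(shifted),
            knn_defense_predict(clean), knn_defense_predict(shifted))


if __name__ == "__main__":
    print(demo())   # ('swan', 'pelican', 'swan', 'swan')
```

The undefended classifier flips to "pelican" on the shifted feature, while the nearest database entries (all near x1 = 0.5 on the manifold) pull the KNN prediction back to "swan".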

SLIDE 5

Effect of Scale

Plot (PGD attack): log-linear relationship between database scale and the defense's effect.

SLIDE 6

Comparison with other defenses

Attack type: PGD. Model: ResNet-50.

SLIDE 7

KNN Based Attack

A separate database is available to the attacker. Overlap: the percentage of images shared between the attacker's database and the defense database.

Data obfuscation is a viable defense strategy.

SLIDE 8

Thank You!

Defense Against Adversarial Images using Web-Scale Nearest-Neighbor Search

arXiv: https://arxiv.org/pdf/1903.01612.pdf

Poster Session 3.1, Poster #87, 10:00 AM Thursday.