Defense Against Adversarial Images using Web-Scale Nearest-Neighbor - PowerPoint PPT Presentation

Jan 10, 2024 •357 likes •457 views

Defense Against Adversarial Images using Web-Scale Nearest-Neighbor Search Abhimanyu Dubey, Laurens van der Maaten, I. Zeki Yalniz, Yixuan Li and Dhruv Mahajan Adversarial Images adversarial swan pelican perturbation

Defense Against Adversarial Images using Web-Scale Nearest-Neighbor Search Abhimanyu Dubey, Laurens van der Maaten, I. Zeki Yalniz, Yixuan Li and Dhruv Mahajan
Adversarial Images adversarial “swan” “pelican” perturbation
Nearest—Neighbors Defense • Adversarial perturbations move the input away from the image “manifold”. • KNN Defense : Project the image back on to the manifold. adversarial image clean image nearest neighbors Approximation of manifold by tens of billions of images
Nearest—Neighbors Defense adversarial input “swan” “pelican” KNN web-scale database
Effect of Scale PGD Attack Log-linear relationship.
Comparison with other defenses Attack Type: PGD Model: ResNet-50
KNN Based Attack Separate database available to attacker. Overlap : %-age of images shared between attacker’s and defense database Data obfuscation is a viable defense strategy.
Thank You! Defense Against Adversarial Images using Web-Scale Nearest-Neighbor Search Arxiv: https://arxiv.org/pdf/1903.01612.pdf Poster Session 3.1, Poster #87, 10:00 AM Thursday.

Download Presentation

Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Towards Attack-Agnostic Defense for 2D and 3D Recognition Hao Su Workshop on Adversarial Machine

Towards Attack-Agnostic Defense for 2D and 3D Recognition Hao Su Workshop on Adversarial Machine Learning in Real-World Computer Vision Systems Long Beach, CA, USA 1 Outline Background and Motivation Project-based Defense Mechanism

760 views • 72 slides

Adversarial Search Rob Platt Northeastern University Some images and slides are used from: AIMA

Adversarial Search Rob Platt Northeastern University Some images and slides are used from: AIMA CS188 UC Berkeley What is adversarial search? Adversarial search: planning used to play a game such as chess or checkers algorithms are

989 views • 85 slides

Adversarial Search Robert Platt Northeastern University Some images and slides are used from:

Adversarial Search Robert Platt Northeastern University Some images and slides are used from: 1. CS188 UC Berkeley 2. RN, AIMA What is adversarial search? Adversarial search: planning used to play a game such as chess or checkers

1.19k views • 83 slides

On the Defense Against Adversarial Examples Beyond the Visible Spectrum Anthony Ortiz 1 , Olac

On the Defense Against Adversarial Examples Beyond the Visible Spectrum Anthony Ortiz 1 , Olac Fuentes 1 , Dalton Rosario 2 , Christopher Kiekintveld 1 1 Department of Computer Science, UTEP 2 US Army Research Laboratory Adversarial Examples on

460 views • 19 slides

Generative Adversarial Networks Wanyue Li

Generating Fundus Fluorescence Angiography Images from Structure Fundus Images Using Generative Adversarial Networks Wanyue Li (wanyueli93@126.com) University of Science and Technology of China (USTC)

144 views • 10 slides

Distillation as a Defense to Adversarial Perturbations against Deep Neural Networks Nicolas

Distillation as a Defense to Adversarial Perturbations against Deep Neural Networks Nicolas Papernot , Patrick McDaniel, Xi Wu, Somesh Jha, and Ananthram Swami May 24th, 2016 @ 37th IEEE Symposium on Security and Privacy @NicolasPapernot 1 M

1.38k views • 39 slides

Text-Adaptive Generative Adversarial Networks: Manipulating Images with Natural Language

Text-Adaptive Generative Adversarial Networks: Manipulating Images with Natural Language Seonghyeon Nam, Yunji Kim, Seon Joo Kim Dept. of Computer Science, Yonsei University Seoul, South Korea Manipulating Images with Natural Language Icons

193 views • 16 slides

Adversarial Domain Adaptation and Adversarial Robustness Judy Hoffman + = Big Deep success

Adversarial Domain Adaptation and Adversarial Robustness Judy Hoffman + = Big Deep success data learning Benchmark Performance 100 95 Accuracy 90 85 Millions of Images 80 Deep models 75 Challenge to recognize 1000

1.2k views • 60 slides

Mag Net A Two-Pronged Defense against Adversarial Examples Dongyu Meng Hao Chen ShanghaiTech

Mag Net A Two-Pronged Defense against Adversarial Examples Dongyu Meng Hao Chen ShanghaiTech University, China University of California, Davis, USA Neural networks in real-life applications user authentication autonomous

599 views • 30 slides

Defense Against the Dark Arts: An overview of adversarial example security research and future

Defense Against the Dark Arts: An overview of adversarial example security research and future research directions Ian Goodfellow, Sta ff Research Scientist, Google Brain 1st IEEE Deep Learning and Security Workshop, May 24, 2018 This document

726 views • 36 slides

Adversarial Training Attacks on Deep Networks and Generative Adversarial Networks Erkut Erdem

images from Geris Game (Pixar, 1997) Adversarial Training Attacks on Deep Networks and Generative Adversarial Networks Erkut Erdem Aykut Erdem Levent Karacan Computer Vision Lab, Hacettepe University Outline Part 1: Attacks on

1.11k views • 72 slides

Stealthy Porn: Understanding Real-World Adversarial Images for Illicit Online Promotion Yuan, Di

Stealthy Porn: Understanding Real-World Adversarial Images for Illicit Online Promotion Yuan, Di Tang , Xiaojing Liao, XiaoFeng Wang, Xuan Feng, Kan Yi Chen, Menghan Sun, Haoran Lu, Kehuan Zhang A C ASE IN THE W ILD Sexual stream t.cn

492 views • 30 slides

Certified Adversarial Robustness via Randomized Smoothing Jeremy Cohen Elan Rosenfeld

Certified Adversarial Robustness via Randomized Smoothing Jeremy Cohen Elan Rosenfeld Zico Kolter Carnegie Mellon University Introduction We study a certified adversarial defense in " norm which scales to ImageNet

1.5k views • 12 slides

CVPR 2020 Universal Adversarial Attacks Image agnostic and transferable across networks

1 1,4 2,3 2 3 4 1 CVPR 2020 Universal Adversarial Attacks Image agnostic and transferable across networks Adversarial No defense: Baseline DNN perturbation Input image Classification Feature extraction dense Perturbed image

592 views • 6 slides

Physical Adversarial Examples Alex Kurakin Ian Goodfellow Output STOP Machine Learning

Physical Adversarial Examples Alex Kurakin Ian Goodfellow Output STOP Machine Learning Training Examples Hidden units / BICYCLE features CAR PEDESTRIA N Parameters Input ImageNet (Russakovsky et al 2015) Adversarial Examples: Images

369 views • 19 slides

CoDef: Collaborative Defense against Large-Scale Link-Flooding Attacks Soo Bum Lee * , Min Suk

CoDef: Collaborative Defense against Large-Scale Link-Flooding Attacks Soo Bum Lee * , Min Suk Kang , Virgil D. Gligor CyLab, Carnegie Mellon University * Qualcomm Dec. 12, 2013 Large Scale Link-Flooding Attacks Massive DDoS attacks against

487 views • 27 slides

Hash-flooding DoS reloaded: Hash flooding begins? attacks and defenses July 1998 article

Hash-flooding DoS reloaded: Hash flooding begins? attacks and defenses July 1998 article Jean-Philippe Aumasson, Designing and attacking Kudelski Security (NAGRA) port scan detection tools by Solar Designer (Alexander D. J. Bernstein,

1.83k views • 164 slides

Lecture 08 Control-flow Hijacking Defenses Stephen Checkoway University of Illinois at

Lecture 08 Control-flow Hijacking Defenses Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides adapted from Miller, Bailey, and Brumley Control Flow Hijack: Always control + computation shellcode (aka payload)

652 views • 36 slides

Clickjacking Credit: paper (Clickjacking: Attacks and Defenses Huang et al.) and most slide

Clickjacking Credit: paper (Clickjacking: Attacks and Defenses Huang et al.) and most slide content (Vern Paxson) Misleading users Browser assumes that clicks and keystrokes = clear indication of what the user wants to do Constitutes

567 views • 24 slides

Buffer Overflow overflows Defenses and other memory safety vulnerabilities Finish overflow

Last time We continued By looking at Buffer Overflow overflows Defenses and other memory safety vulnerabilities Finish overflow attacks & other vulnerabilities Overflow defenses Everything youve always wanted to know about

2.41k views • 197 slides

Adversarial Robustness via Runtime Masking and Cleansing Yi-Hsuan Wu Chia-Hung Yuan Shan-Hung

Adversarial Robustness via Runtime Masking and Cleansing Yi-Hsuan Wu Chia-Hung Yuan Shan-Hung Wu Department of Computer Science, National Tsing Hua University, Taiwan International Conference on Machine Learning, 2020 Y.H. Wu, C.H. Yuan,

1.3k views • 52 slides

Offensive Threat Modeling for Attackers turning threat modeling on its head Rafal M. Los

Offensive Threat Modeling for Attackers turning threat modeling on its head Rafal M. Los Chief Security Evangelist HP Software Shane MacDougall Principal Tactical Intelligence Modern threat modeling is a defensive response to

783 views • 52 slides

Cybercrime Kill Chain vs. Effec4veness of Defense Layers

Cybercrime Kill Chain vs. Effec4veness of Defense Layers Dr. Stefan Frei & Francisco Arts @stefan_frei @franklyfranc

787 views • 60 slides

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples Anish Athalye* 1 , Nicholas Carlini * 2 , and David Wagner 3 1 Massachusetts Institute of Technology 2 University of California, Berkeley (now

1.13k views • 67 slides