learning universal adversarial perturbations with
play

Learning Universal Adversarial Perturbations with Generative Models - PowerPoint PPT Presentation

Oct 04, 2022 •331 likes •515 views

Learning Universal Adversarial Perturbations with Generative Models Jamie Hayes & George Danezis UCL Adversarial examples transfer between different models. An adversarial example crafted against one model will generally fool other models.

  1. Learning Universal Adversarial Perturbations with Generative Models Jamie Hayes & George Danezis UCL

  2. Adversarial examples transfer between different models. An adversarial example crafted against one model will generally fool other models. Adversarial Example Model 1 Model 2 [SZS13] Szegedy et al. Intriguing properties of neural networks.

  3. Why do adversarial examples transfer?

  4. Why do adversarial examples transfer? [GSS15] Goodfellow et al. Explaining and Harnessing Adversarial Examples [LCL17] Liu et al. Delving into Transferable Adversarial Examples and Black-Box Attacks

  5. In the most extreme case, it is possible to construct a single perturbation that will fool a model when added to any image! Banana Truck Hammer Cat Dog Football [GSS15] Goodfellow et al. Explaining and Harnessing Adversarial Examples [MFF16] Moosavi-Dezfooli. Universal adversarial perturbations.

  6. Can a neural network learn universal adversarial perturbations?

  7. Can a neural network learn universal adversarial perturbations? Scale Clip Classify Target Adversarial Model Model

  8. Can a neural network learn universal adversarial perturbations? Scale Clip Classify Target Adversarial Model Model Given a model, f , and a image, x , classified correctly as c 0 , the attacker model is training to minimize: We scale the perturbation such that never exceeds 0.04.

  9. Learned Universal Adversarial Perturbations Inception-V3 ResNet-152 VGG-19 ImageNet test accuracy Original: 77.2% 78.4% 71.0% Adversarial: 22.7% 11.1% 15.1%

  10. Inception-V3: Inception-V3: Fire engine (54.6%) Wrecker (79.4%) ResNet-152: ResNet-152: Table lamp (87.2%) Tabby cat (41.9%) VGG-19: VGG-19: Radio telescope (97.5%) Great Pyrenees (36.7%)

  11. We can perform targeted attacks to force the model to always classify as label, c , by changing the loss term from: To:

  12. Target class: Golf Ball Inception-V3: Inception-V3: American egret (95.0%) Golf ball (98.8%) ResNet-152: ResNet-152: Binoculars (99.9%) Golf ball (62.9%) VGG-19: VGG-19: Indian cobra (99.9%) Golf ball (99.7%)

  14. Adversarial Training Defense Include adversarial examples during training to improve robustness. Instead of optimizing , optimize

  15. Adversarial Training Defense Play Cat and Mouse game: 1) Train generative model to create perturbations, report target model accuracy on adversarial examples 2) Use adversarial training to defend target model, report target model accuracy on adversarial examples. 3) Go to (1)

  16. Adversarial Training Defense Play Cat and Mouse game: 1) Train generative model to create perturbations, report target model accuracy on adversarial examples 2) Use adversarial training to defend target model, report target model accuracy on adversarial examples. 3) Go to (1)

  17. Related Work Three pre-prints using the same technique appeared online within a few days of one another. This work, Poursaeed et al. [1], Mopuri et al. [2]. V G G - 1 9 I N C E P T I O N - V 1 This work 0.846 0.809 Poursaeed et al. [1] 0.801 0.792 Mopuri et al. [2] 0.838 0.904 [1] Poursaeed et al. Generative Adversarial Perturbations. [2] Moosavi-Dezfooli. NAG: Network for Adversary Generation.

  18. Thanks! j.hayes@cs.ucl.ac.uk @_jamiedh

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

On Evaluation of Adversarial Perturbations for Sequence-to-Sequence Models Paul Michel, Xian Li,

On Evaluation of Adversarial Perturbations for Sequence-to-Sequence Models Paul Michel, Xian Li,

On Evaluation of Adversarial Perturbations for Sequence-to-Sequence Models Paul Michel, Xian Li, Graham Neubig, Juan Pino Adversarial Attacks/Perturbations Apply a small (indistinguishable) perturbation to the input that elicit large

908 views • 75 slides
Adversarial Training and Robustness for Multiple Perturbations Poster #87 Florian Tramr &

Adversarial Training and Robustness for Multiple Perturbations Poster #87 Florian Tramr &

Adversarial Training and Robustness for Multiple Perturbations Poster #87 Florian Tramr & Dan Boneh NeurIPS 2019 Adversarial examples 88% Tabby Cat 99% Guacamole Szegedy et al., 2014 Goodfellow et al., 2015 Athalye, 2017 Adversarial

564 views • 23 slides
Fundamental Tradeoffs between Invariance and Sensitivity to Adversarial Perturbations Florian

Fundamental Tradeoffs between Invariance and Sensitivity to Adversarial Perturbations Florian

Fundamental Tradeoffs between Invariance and Sensitivity to Adversarial Perturbations Florian Tramr Jens Behrmann Nicholas Carlini Nicolas Papernot Jrn-Henrik Jacobsen What are Adversarial Examples? any input to a ML model that is

1.13k views • 16 slides
Distillation as a Defense to Adversarial Perturbations against Deep Neural Networks Nicolas

Distillation as a Defense to Adversarial Perturbations against Deep Neural Networks Nicolas

Distillation as a Defense to Adversarial Perturbations against Deep Neural Networks Nicolas Papernot , Patrick McDaniel, Xi Wu, Somesh Jha, and Ananthram Swami May 24th, 2016 @ 37th IEEE Symposium on Security and Privacy @NicolasPapernot 1 M

1.38k views • 39 slides
SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY

SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY

SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY Christian Kaestner with slides from Eunsuk Kang Required reading: Hulten, Geoff. "Building Intelligent Systems: A Guide to Machine Learning

1.95k views • 113 slides
Adversarial Perturbations of Opinion Dynamics in Networks Jason Gaitonde (Cornell University)

Adversarial Perturbations of Opinion Dynamics in Networks Jason Gaitonde (Cornell University)

Adversarial Perturbations of Opinion Dynamics in Networks Jason Gaitonde (Cornell University) EC 2020 Joint work with Jon Kleinberg (Cornell) and va Tardos (Cornell) Problem Setup Peoples opinions evolve via their interactions with

519 views • 4 slides
Adversarial Learning Bounds for Linear Classes and Neural Nets Understanding Adversarial Learning

Adversarial Learning Bounds for Linear Classes and Neural Nets Understanding Adversarial Learning

Adversarial Learning Bounds for Linear Classes and Neural Nets Understanding Adversarial Learning through Rademacher Complexity Pranjal Awasthi, Natalie Frank, Mehryar Mohri Google Research & Courant Institute August 14, 2020 1 / 17

397 views • 17 slides
Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin

Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin

Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin Kwok Adversarial examples Adversarial examples Imperceptible perturbations to an input can change a neural network's prediction adversarial

1.06k views • 23 slides
Deep Adversarial Learning for NLP 9:00 10:30 Introduction and Adversarial Training, GANs

Deep Adversarial Learning for NLP 9:00 10:30 Introduction and Adversarial Training, GANs

Deep Adversarial Learning for NLP 9:00 10:30 Introduction and Adversarial Training, GANs William Wang 10:30 11:00 Break - 11:00 12:15 Adversarial Examples Sameer Singh 12:15 12:30 Conclusions and Question Answering William

1.75k views • 105 slides
CVPR 2020 Universal Adversarial Attacks Image agnostic and transferable across networks

CVPR 2020 Universal Adversarial Attacks Image agnostic and transferable across networks

1 1,4 2,3 2 3 4 1 CVPR 2020 Universal Adversarial Attacks Image agnostic and transferable across networks Adversarial No defense: Baseline DNN perturbation Input image Classification Feature extraction dense Perturbed image

592 views • 6 slides
UNIVERSAL DESIGN FOR LEARNING (UDL) UNIVERSAL DESIGN FOR LEARNING (UDL) First defined by the

UNIVERSAL DESIGN FOR LEARNING (UDL) UNIVERSAL DESIGN FOR LEARNING (UDL) First defined by the

UNIVERSAL DESIGN FOR LEARNING (UDL) UNIVERSAL DESIGN FOR LEARNING (UDL) First defined by the Center for Applied Special Technology (CAST), UDL is a framework which promotes flexible instructional environments in order to accommodate a wide

609 views • 23 slides
Adversarial Approaches to Bayesian Learning and Bayesian Approaches to Adversarial Robustness

Adversarial Approaches to Bayesian Learning and Bayesian Approaches to Adversarial Robustness

Adversarial Approaches to Bayesian Learning and Bayesian Approaches to Adversarial Robustness Ian Goodfellow, OpenAI Research Scientist NIPS 2016 Workshop on Bayesian Deep Learning Barcelona, 2016-12-10 Speculation on Three Topics Can we

769 views • 21 slides
Friendly Adversarial Training: Attacks Which Do Not Kill Training Make Adversarial Learning

Friendly Adversarial Training: Attacks Which Do Not Kill Training Make Adversarial Learning

Friendly Adversarial Training: Attacks Which Do Not Kill Training Make Adversarial Learning Stronger Jingfeng Zhang 1 * , Xilie Xu 2* , Bo Han 34 , Gang Niu 4 , Lichen Cui 5 , Masashi Sugiyama 46 , and Mohan Kankanhalli 1 1 Department of Computer

376 views • 14 slides
AdVersarial: Perceptual Ad Blocking meets Adversarial Machine Learning Florian Tramr November

AdVersarial: Perceptual Ad Blocking meets Adversarial Machine Learning Florian Tramr November

AdVersarial: Perceptual Ad Blocking meets Adversarial Machine Learning Florian Tramr November 14 th 2019 Joint work with Pascal Dupr, Gili Rusak, Giancarlo Pellegrino and Dan Boneh The Future of Ad-Blocking easylist.txt markup

612 views • 23 slides
Introduction Universal Learning Design: A View from Conceptual Goals to the ! Universal Learning

Introduction Universal Learning Design: A View from Conceptual Goals to the ! Universal Learning

Introduction Universal Learning Design: A View from Conceptual Goals to the ! Universal Learning Design Actual Implementation is a set of principles for curriculum and teaching tool development that gives all individuals equal

271 views • 12 slides
CSC321 Lecture 22: Adversarial Learning Roger Grosse Roger Grosse CSC321 Lecture 22: Adversarial

CSC321 Lecture 22: Adversarial Learning Roger Grosse Roger Grosse CSC321 Lecture 22: Adversarial

CSC321 Lecture 22: Adversarial Learning Roger Grosse Roger Grosse CSC321 Lecture 22: Adversarial Learning 1 / 26 Overview Two topics for today: Adversarial examples: examples carefully crafted to cause an undesirable behavior (e.g.

412 views • 26 slides
Living in a fools wireless - secured paradise Stefan Kiese Topics Wireless (consumer)

Living in a fools wireless - secured paradise Stefan Kiese Topics Wireless (consumer)

Living in a fools wireless - secured paradise Stefan Kiese Topics Wireless (consumer) alarm systems Hardware Software Hacking it ;) 2015/10/02 Stefan Kiese 2 About me Security Analyst @ ERNW Heidelberg, Germany

690 views • 23 slides
For the wise men of old, the cardinal problem of human life was how to conform the soul to

For the wise men of old, the cardinal problem of human life was how to conform the soul to

For the wise men of old, the cardinal problem of human life was how to conform the soul to objective reality, and the solution was wisdom, self-discipline, and virtue. For the modern, the cardinal problem is how to conform reality to the

351 views • 10 slides
Outsourcing Source Code Distribution Requirements Alexios Zavras, Stefano Zacchiroli Intel,

Outsourcing Source Code Distribution Requirements Alexios Zavras, Stefano Zacchiroli Intel,

Outsourcing Source Code Distribution Requirements Alexios Zavras, Stefano Zacchiroli Intel, alexios.zavras@intel.com Sofware Heritage, zack@upsilon.cc 4 February 2018 FOSDEM Brussels, Belgium Alexios Zavras, Stefano Zacchiroli Outsourcing

420 views • 29 slides
Adversaries & Interpretability SIDN: An IAP Practicum Shibani Santurkar Dimitris Tsipras

Adversaries & Interpretability SIDN: An IAP Practicum Shibani Santurkar Dimitris Tsipras

Adversaries & Interpretability SIDN: An IAP Practicum Shibani Santurkar Dimitris Tsipras gradient-science.org Outline for today 1. Simple gradient explanations Exercise 1: Gradient saliency Exercise 2: SmoothGrad 2. Adversarial

534 views • 37 slides
Data Sovereignty The importance of geolocating data in the cloud Zachary N J Peterson Mark

Data Sovereignty The importance of geolocating data in the cloud Zachary N J Peterson Mark

HotCloud 2011 Data Sovereignty The importance of geolocating data in the cloud Zachary N J Peterson Mark Gondree Rob Beverly Your Data is Here But, maybe it should be here Or Here? Breaking the Abstraction Is data within some political

584 views • 20 slides

P P P P P P P P P P P P

455 views • 13 slides
Mapping of the space change of Oued Ali Mountains (Mascara, Algeria) by Landsat optical imagery

Mapping of the space change of Oued Ali Mountains (Mascara, Algeria) by Landsat optical imagery

Mapping of the space change of Oued Ali Mountains (Mascara, Algeria) by Landsat optical imagery Farida BACHIR BELMEHDI (1) , Kamel HASNI (2) , Bachir GOURINE (2) and Moussa LESGAA 1 (1) University of Oran 2, Faculty of Earth Sciences and Universe,

615 views • 6 slides
Bayesian Learning By Harivinod N Vivekananda College of Engineering Technology, Puttur 15CS73

Bayesian Learning By Harivinod N Vivekananda College of Engineering Technology, Puttur 15CS73

Module-IV Bayesian Learning By Harivinod N Vivekananda College of Engineering Technology, Puttur 15CS73 - Machine Learning Harivinod N Hypothesis A hypothesis is a certain function that we

1.03k views • 44 slides

More recommend