synthesizing robust adversarial examples
play

Synthesizing Robust Adversarial Examples Anish Athalye*, Logan - PowerPoint PPT Presentation

Dec 14, 2022 •812 likes •1.06k views

Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin Kwok Adversarial examples Adversarial examples Imperceptible perturbations to an input can change a neural network's prediction adversarial

  1. Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin Kwok

  2. Adversarial examples

  3. Adversarial examples • Imperceptible perturbations to an input can change a neural network's prediction adversarial perturbation 88% tabby cat 99% guacamole

  4. Adversarial examples Given: Input image x , target label y Optimize: P ( y ∣ x ′ � ) arg max x ′ � d ( x , x ′ � ) < ϵ subject to

  6. Do adversarial examples work in the physical world?

  7. Adversarial examples in the physical world (Kurakin et al. 2016)

  8. ... or not? Foveation-based Mechanisms NO Need to Worry about Adversarial Alleviate Adversarial Examples Examples in Object Detection in (Luo et al. 2015) Autonomous Vehicles (Lu et al. 2017)

  9. Standard examples are fragile

  10. Are adversarial examples fundamentally fragile?

  11. Image processing pipeline PREDICTIONS IMAGE MODEL optimize P ( y ∣ x ′ � ) using gradient descent

  12. Physical world processing pipeline MODEL PREDICTIONS TRANSFORMATION IMAGE PARAMETERS these are randomized Challenge: No direct control over model input

  13. Attack: Expectation Over Transformation is di ff erentiable MODEL PREDICTIONS TRANSFORMATION IMAGE PARAMETERS these are randomized but the distribution T is known optimize 𝔽 t ∼ T [ P ( y ∣ t ( x ′ � )) ] using gradient descent (sampling, chain rule, di ff erentiating through t )

  14. EOT produces robust examples T = {rescale from 1x to 5x}

  15. EOT produces robust physical-world examples T = {rescale + rotate + translate + skew}

  16. Can we make this work with 3D objects?

  17. Physical world 3D processing pipeline is this di ff erentiable? MODEL PREDICTIONS RENDERING TEXTURE PARAMETERS 3D MODEL zoom: 1.3x rotation: [60°, 30°, 15°] translation: [1, 5, 0] ...

  18. Differentiable rendering • For any pose, 3D rendering is di ff erentiable with respect to texture • Simplest renderer: linear transformation of texture

  19. EOT produces 3D adversarial objects

  22. EOT reliably produces 3D adversarial objects Classification Attacker Inputs Distortion (l2) accuracy success rate Original 70% N/A 0 2D Adversarial 96.4% 5.6 ⨉ 10 -5 0.9% Original 84% N/A 0 3D Adversarial 84.0% 6.5 ⨉ 10 -5 1.7%

  23. Implications • Defenses based on randomized input transformations are insecure • Adversarial examples / objects are a physical-world concern Poster (and live demo): 6:15 – 9:00pm @ Hall B #73

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin

Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin

Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin Kwok Standard Adversarial Examples Given image x ; target class y Maximize with projected gradient descent: Standard Adversarial Examples Standard

560 views • 15 slides
Towards Robust Detection of Adversarial Examples Tianyu Pang, Chao Du, Yinpeng Dong

Towards Robust Detection of Adversarial Examples Tianyu Pang, Chao Du, Yinpeng Dong

Towards Robust Detection of Adversarial Examples Tianyu Pang, Chao Du, Yinpeng Dong and Jun Zhu Department of Computer Science and Technology Tsinghua University TSAIL NeurIPS | 2018 Adversarial Examples From

590 views • 10 slides
Imperceptible, Robust and Targeted Adversarial Examples for Automatic Speech Recognition 1 2 2

Imperceptible, Robust and Targeted Adversarial Examples for Automatic Speech Recognition 1 2 2

Imperceptible, Robust and Targeted Adversarial Examples for Automatic Speech Recognition 1 2 2 1 2 Yao Qin , Nicholas Carlini , Ian Goodfellow , Garrison Cottrell and Colin Raffel 1 2 UC San Diego Google Research Long Beach, ICML June

370 views • 9 slides
Robust Statistics and Generative Adversarial Networks Yuan YAO HKUST 1 Chao GAO Jiyi LIU

Robust Statistics and Generative Adversarial Networks Yuan YAO HKUST 1 Chao GAO Jiyi LIU

Robust Statistics and Generative Adversarial Networks Yuan YAO HKUST 1 Chao GAO Jiyi LIU Weizhi ZHU U. Chicago Yale U. HKUST 2 Deep Learning is Notoriously Not Robust! Imperceivable adversarial examples are ubiquitous to fail

833 views • 72 slides
Neglected topics CS 446 Adversarial examples and deep networks 1 / 23 Adversarial

Neglected topics CS 446 Adversarial examples and deep networks 1 / 23 Adversarial

Neglected topics CS 446 Adversarial examples and deep networks 1 / 23 Adversarial examples? Standard ML setup: We have training data; try to do well on withheld testing data. Adversarial/robust ML setup: We have training

672 views • 27 slides
Robust Statistics and Generative Adversarial Networks Yuan YAO HKUST Chao Gao (Chicago) Jiyu

Robust Statistics and Generative Adversarial Networks Yuan YAO HKUST Chao Gao (Chicago) Jiyu

Robust Statistics and Generative Adversarial Networks Yuan YAO HKUST Chao Gao (Chicago) Jiyu Liu (Yale) Weizhi Zhu (HKUST) Deep Learning is Notoriously Not Robust! Imperceivable adversarial examples are ubiquitous to fail neural networks

1.8k views • 133 slides
Robust Decision Trees Against Adversarial Examples Honge Chen 1 , Huan Zhang 2 , Duane Boning 1 and

Robust Decision Trees Against Adversarial Examples Honge Chen 1 , Huan Zhang 2 , Duane Boning 1 and

Robust Decision Trees Against Adversarial Examples Honge Chen 1 , Huan Zhang 2 , Duane Boning 1 and Cho-Jui Hsieh 2 1 MIT 2 UCLA 36 th International Conference on Machine Learning (ICML) June 11, 2019, Long Beach, CA, USA Code (XGBoost

859 views • 31 slides
Robust Multilingual Part-of-Speech Tagging via Adversarial Training (NAACL 2018) Michihiro

Robust Multilingual Part-of-Speech Tagging via Adversarial Training (NAACL 2018) Michihiro

Robust Multilingual Part-of-Speech Tagging via Adversarial Training (NAACL 2018) Michihiro Yasunaga , Jungo Kasai, Dragomir Radev Department of Computer Science, Yale University .github.io Adversarial Examples Very close to the

408 views • 24 slides
Adversarial Examples Hanxiao Liu April 2, 2018 1 / 22 Adversarial Examples Inputs to ML

Adversarial Examples Hanxiao Liu April 2, 2018 1 / 22 Adversarial Examples Inputs to ML

Adversarial Examples Hanxiao Liu April 2, 2018 1 / 22 Adversarial Examples Inputs to ML models that an attacker has intentionally designed to cause the model to make a mistake 1 Why this is interesting: Safety. Interpretability.

881 views • 22 slides
Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google

Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google

Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google Brain CS 231n, Stanford University, 2017-05-30 Overview What are adversarial examples? Why do they happen? How can they be used to

866 views • 43 slides
A Closer Look at Adversarial Examples for Separated Data Kamalika Chaudhuri University of

A Closer Look at Adversarial Examples for Separated Data Kamalika Chaudhuri University of

A Closer Look at Adversarial Examples for Separated Data Kamalika Chaudhuri University of California, San Diego Adversarial Examples Gibbon Panda Small perturbation to legitimate inputs causing misclassification Adversarial Examples Can

1.41k views • 42 slides
Robust Estimation and Generative Adversarial Networks Weizhi ZHU Hong Kong University of Science

Robust Estimation and Generative Adversarial Networks Weizhi ZHU Hong Kong University of Science

Robust Estimation and Generative Adversarial Networks Weizhi ZHU Hong Kong University of Science and Technology wzhuai@ust.hk April 3, 2019 Robust Estimation and Generative Adversarial Nets [GLYZ18] Generative Adversarial Nets for Robust

252 views • 24 slides
Thermometer Encoding: One Hot Way to Resist Adversarial Examples Stanford, 2017-11-16 Aurko Roy*

Thermometer Encoding: One Hot Way to Resist Adversarial Examples Stanford, 2017-11-16 Aurko Roy*

Thermometer Encoding: One Hot Way to Resist Adversarial Examples Stanford, 2017-11-16 Aurko Roy* Colin Ra ff el Jacob Ian Buckman* Goodfellow *joint first author Adversarial Examples Adversarial Definitely Probably panda perturbation

607 views • 15 slides
Adversarial Examples in NLP Sameer Singh sameer@uci.edu @sameer_ sameersingh.org What are

Adversarial Examples in NLP Sameer Singh sameer@uci.edu @sameer_ sameersingh.org What are

Slides: http://tiny.cc/adversarial Adversarial Examples in NLP Sameer Singh sameer@uci.edu @sameer_ sameersingh.org What are Adversarial Examples? panda gibbon 57.7% confidence 99.3% confidence [Goodfellow et al, ICLR 2015 ]

1.56k views • 43 slides
? AdVersarial: Defeating Perceptual Ad Blocking with Adversarial Examples Florian Tramr

? AdVersarial: Defeating Perceptual Ad Blocking with Adversarial Examples Florian Tramr

Todays Story: How I got my first Death Threat ? AdVersarial: Defeating Perceptual Ad Blocking with Adversarial Examples Florian Tramr October 8 th 2019 Joint work with Pascal Dupr, Gili Rusak, Giancarlo Pellegrino and Dan Boneh The

415 views • 29 slides
Explaining and Harnessing Adversarial Examples Ian J. Goodfellow, Jonathon Shlens, &amp;

Explaining and Harnessing Adversarial Examples Ian J. Goodfellow, Jonathon Shlens, &amp;

Explaining and Harnessing Adversarial Examples Ian J. Goodfellow, Jonathon Shlens, &amp; Christian Szegedy Presented by - Kawin Ethayarajh and Abhishek Tiwari Introduction - adversarial examples : Inputs formed by applying small but

1.49k views • 103 slides
Adversarial Training and Robustness for Multiple Perturbations Poster #87 Florian Tramr &amp;

Adversarial Training and Robustness for Multiple Perturbations Poster #87 Florian Tramr &amp;

Adversarial Training and Robustness for Multiple Perturbations Poster #87 Florian Tramr &amp; Dan Boneh NeurIPS 2019 Adversarial examples 88% Tabby Cat 99% Guacamole Szegedy et al., 2014 Goodfellow et al., 2015 Athalye, 2017 Adversarial

564 views • 23 slides
On the (In-)Security of Machine Learning Nicholas Carlini Google Brain Written: Sept 24, 2014

On the (In-)Security of Machine Learning Nicholas Carlini Google Brain Written: Sept 24, 2014

On the (In-)Security of Machine Learning Nicholas Carlini Google Brain Written: Sept 24, 2014 Written: Sept 24, 2014 Today: Oct 16, 2018 Written: Sept 24, 2014 Today: Oct 16, 2018 ... 4 years ago So how are we doing? 95% it is a

1.14k views • 79 slides
Finite-time Blowup of Semilinear PDEs via the Feynman-Kac Representation E A LFREDO L J OS

Finite-time Blowup of Semilinear PDEs via the Feynman-Kac Representation E A LFREDO L J OS

Finite-time Blowup of Semilinear PDEs via the Feynman-Kac Representation E A LFREDO L J OS OPEZ -M IMBELA C ENTRO DE I NVESTIGACI ON EN M ATEM ATICAS G UANAJUATO , M EXICO jalfredo@cimat.mx Introduction and backgrownd Consider a

525 views • 23 slides
T he E gyptian IPv6 T ask F or c e E xpe r ie nc e Hisham Ahme d Ibr ahim Ministry of

T he E gyptian IPv6 T ask F or c e E xpe r ie nc e Hisham Ahme d Ibr ahim Ministry of

T he E gyptian IPv6 T ask F or c e E xpe r ie nc e Hisham Ahme d Ibr ahim Ministry of Communic ation &amp; Information T e c hnology (MCIT ) T he E gyptian IPv6 T ask F orc e ahisham@mc it.gov.e g T T he E he E gyptian

384 views • 17 slides
Update on NIIFI's storage and cloud related activities TF-Storage Meeting September 27, 2012

Update on NIIFI's storage and cloud related activities TF-Storage Meeting September 27, 2012

Update on NIIFI's storage and cloud related activities TF-Storage Meeting September 27, 2012 Dubrovnik, Croatia Szabolcs Szkelyi &lt;szekelyi@niif.hu&gt; Agenda Storage infrastructure update Archiving service Cloud GUI

877 views • 18 slides
of Graph Embeddings Aleksandar Bojchevski Technical University of Munich, Germany Graph

of Graph Embeddings Aleksandar Bojchevski Technical University of Munich, Germany Graph

Uncertainty and Robustness of Graph Embeddings Aleksandar Bojchevski Technical University of Munich, Germany Graph Embedding Day 2018 - Lyon Neglected aspects of graph embeddings Capturing uncertainty Robustness to noise Robustness to

885 views • 67 slides
Messers Jarrod Miller and Neil Aitken 2014 This AGM reviews 2014 using the slide template made

Messers Jarrod Miller and Neil Aitken 2014 This AGM reviews 2014 using the slide template made

For the attention of the Directors Messers Jarrod Miller and Neil Aitken 2014 This AGM reviews 2014 using the slide template made available on the new theagm.com website Jarrod and Neil are two blokes who like to do stupid stuff ,

665 views • 29 slides
Version Control 2 Lab Schedule Today Lab 2 Version Control Next Week Intro to

Version Control 2 Lab Schedule Today Lab 2 Version Control Next Week Intro to

Computer Systems and Networks ECPE 170 Jeff Shafer University of the Pacific Version Control 2 Lab Schedule Today Lab 2 Version Control Next Week Intro to C (for C++ programmers) Lab 3 C Programming /

553 views • 22 slides

More recommend