SLIDE 1
Synthesizing Robust Adversarial Examples
Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin Kwok
Standard Adversarial Examples
Given image x; target class y Maximize with projected gradient descent:
Synthesizing Robust Adversarial Examples Anish Athalye*, Logan - - PowerPoint PPT Presentation
Synthesizing Robust Adversarial Examples Anish Athalye*, Logan - - PowerPoint PPT Presentation
Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin Kwok Standard Adversarial Examples Given image x ; target class y Maximize with projected gradient descent: Standard Adversarial Examples Standard
SLIDE 2
SLIDE 3
Standard Adversarial Examples
SLIDE 4
Standard Adversarial Examples
SLIDE 5
Standard Adversarial Examples
Given image x; target class y Maximize with projected gradient descent: What happens when we transform the images?
SLIDE 6
Standard Examples are Fragile
SLIDE 7
Robust Adversarial Examples
Given image x; target class y; distribution of transformations T Maximize expectation over transformation: What happens when we transform the images?
SLIDE 8
Robust Adversarial Examples
SLIDE 9
Implementation
Euclidean LAB distance: Lagrangian Relaxation: Law of Large Numbers:
SLIDE 10
Results
SLIDE 11
Scaling EOT to 3D
Bundle everything into the transformation:
- 3D rendering
- 3D rotation
- Perspective projection
- Lighting
- Noise
SLIDE 12
SLIDE 13
Challenges
- Implementing a differentiable renderer
- Modeling 3D printer color inaccuracy
- Approximating physical phenomena
- Choosing parameters of distribution
SLIDE 14
SLIDE 15