towards robust detection of adversarial examples
play

Towards Robust Detection of Adversarial Examples Tianyu Pang, - PowerPoint PPT Presentation

Feb 08, 2023 •470 likes •590 views

Towards Robust Detection of Adversarial Examples Tianyu Pang, Chao Du, Yinpeng Dong and Jun Zhu Department of Computer Science and Technology Tsinghua University TSAIL NeurIPS | 2018 Adversarial Examples From

  1. Towards Robust ¡Detection ¡of ¡Adversarial ¡Examples Tianyu Pang, Chao Du, Yinpeng Dong and Jun Zhu Department of Computer Science and Technology Tsinghua University TSAIL NeurIPS | ¡2018

  2. Adversarial ¡Examples ¡ From ¡Dong ¡et ¡al. ¡(CVPR ¡2018)

  3. We ¡Detect ¡Adversarial ¡Examples, ¡and ¡How? Design ¡new ¡detectors: • Kernel ¡density ¡detector ¡(Feinman ¡et ¡al. ¡2017) • LID ¡detector ¡(Ma ¡et ¡al. ¡ICLR ¡2018) ¡ • ……

  4. We ¡Detect ¡Adversarial ¡Examples, ¡and ¡How? Design ¡new ¡detectors: • Kernel ¡density ¡detector ¡(Feinman ¡et ¡al. ¡2017) • LID ¡detector ¡(Ma ¡et ¡al. ¡ICLR ¡2018) ¡ • …… Train ¡the ¡models ¡to ¡better ¡collaborate ¡with ¡existing ¡detectors

  5. Reverse ¡Cross ¡Entropy Cross-­‑Entropy ¡(CE): Reverse ¡Cross-­‑Entropy ¡(RCE): 1 " : ¡One-­‑hot ¡label 𝑆 " : ¡Reverse ¡label 3 3 3 3 3 3 3 3 3 {0, ¡0, ¡0, ¡ 1 , ¡0, ¡0, ¡0, ¡0, ¡0, ¡0} { 4 , ¡ 4 , ¡ 4 , ¡ 0 , ¡ 4 , ¡ 4 , ¡ 4 , ¡ 4 , ¡ 4 , ¡ 4 } car plane bird cat deer dog frog horse ship truck car plane bird cat deer dog frog horse ship truck 𝓜 𝑫𝑭 = −𝟐 𝒛 * 𝐦𝐩𝐡(𝐆) 𝓜 𝑺𝑫𝑭 = −𝑺 𝒛 * 𝐦𝐩𝐡(𝐆)

  6. The ¡RCE ¡Training ¡Method Phase ¡1: ¡Reverse ¡Training Training ¡the ¡model ¡by ¡minimizing ¡the ¡RCE ¡loss Phase ¡2: ¡Reverse ¡Logits Negating ¡the ¡logits ¡fed ¡to ¡the ¡softmax ¡layer ¡to ¡give ¡predictions

  7. Theoretical ¡Analysis Property ¡1: ¡Consistent ¡and ¡Unbiased When ¡the ¡training ¡error ¡ 𝜷 ⟶ 𝟏 , ¡the ¡prediction ¡tends ¡to ¡the ¡one-­‑hot ¡label ¡ Property ¡2: ¡Tighter ¡Bound The ¡difference ¡between ¡any ¡two ¡non-­‑maximal ¡elements ¡decreases ¡as ¡ 𝚷(𝜷 𝟑 )

  8. Experiments CE RCE t-­‑SNE ¡visualization ¡of ¡learned ¡features ¡on ¡CIFAR-­‑10

  9. Experiments AUC-­‑scores ¡( 𝟐𝟏 :𝟑 ) ¡on ¡adversarial ¡examples

  10. For ¡more ¡results ¡and ¡analyses, ¡please ¡come ¡ Poster: ¡Room ¡210 ¡& ¡230 ¡AB ¡ #11 Code: ¡https://github.com/P2333/RCE TSAIL NeurIPS | ¡2018

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin

Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin

Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin Kwok Adversarial examples Adversarial examples Imperceptible perturbations to an input can change a neural network's prediction adversarial

1.06k views • 23 slides
Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin

Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin

Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin Kwok Standard Adversarial Examples Given image x ; target class y Maximize with projected gradient descent: Standard Adversarial Examples Standard

560 views • 15 slides
Imperceptible, Robust and Targeted Adversarial Examples for Automatic Speech Recognition 1 2 2

Imperceptible, Robust and Targeted Adversarial Examples for Automatic Speech Recognition 1 2 2

Imperceptible, Robust and Targeted Adversarial Examples for Automatic Speech Recognition 1 2 2 1 2 Yao Qin , Nicholas Carlini , Ian Goodfellow , Garrison Cottrell and Colin Raffel 1 2 UC San Diego Google Research Long Beach, ICML June

370 views • 9 slides
Robust Statistics and Generative Adversarial Networks Yuan YAO HKUST 1 Chao GAO Jiyi LIU

Robust Statistics and Generative Adversarial Networks Yuan YAO HKUST 1 Chao GAO Jiyi LIU

Robust Statistics and Generative Adversarial Networks Yuan YAO HKUST 1 Chao GAO Jiyi LIU Weizhi ZHU U. Chicago Yale U. HKUST 2 Deep Learning is Notoriously Not Robust! Imperceivable adversarial examples are ubiquitous to fail

833 views • 72 slides
Neglected topics CS 446 Adversarial examples and deep networks 1 / 23 Adversarial

Neglected topics CS 446 Adversarial examples and deep networks 1 / 23 Adversarial

Neglected topics CS 446 Adversarial examples and deep networks 1 / 23 Adversarial examples? Standard ML setup: We have training data; try to do well on withheld testing data. Adversarial/robust ML setup: We have training

672 views • 27 slides
Robust Statistics and Generative Adversarial Networks Yuan YAO HKUST Chao Gao (Chicago) Jiyu

Robust Statistics and Generative Adversarial Networks Yuan YAO HKUST Chao Gao (Chicago) Jiyu

Robust Statistics and Generative Adversarial Networks Yuan YAO HKUST Chao Gao (Chicago) Jiyu Liu (Yale) Weizhi Zhu (HKUST) Deep Learning is Notoriously Not Robust! Imperceivable adversarial examples are ubiquitous to fail neural networks

1.8k views • 133 slides
Overview What is Adversarial Attack? Why should we care? How does it work? Real

Overview What is Adversarial Attack? Why should we care? How does it work? Real

Adversarial Attacks on Phishing Detection Ryan Chang Overview What is Adversarial Attack? Why should we care? How does it work? Real World Demo on Phishing Detection Model How to defend? Adversarial Examples on

610 views • 26 slides
Robust Decision Trees Against Adversarial Examples Honge Chen 1 , Huan Zhang 2 , Duane Boning 1 and

Robust Decision Trees Against Adversarial Examples Honge Chen 1 , Huan Zhang 2 , Duane Boning 1 and

Robust Decision Trees Against Adversarial Examples Honge Chen 1 , Huan Zhang 2 , Duane Boning 1 and Cho-Jui Hsieh 2 1 MIT 2 UCLA 36 th International Conference on Machine Learning (ICML) June 11, 2019, Long Beach, CA, USA Code (XGBoost

859 views • 31 slides
Robust Multilingual Part-of-Speech Tagging via Adversarial Training (NAACL 2018) Michihiro

Robust Multilingual Part-of-Speech Tagging via Adversarial Training (NAACL 2018) Michihiro

Robust Multilingual Part-of-Speech Tagging via Adversarial Training (NAACL 2018) Michihiro Yasunaga , Jungo Kasai, Dragomir Radev Department of Computer Science, Yale University .github.io Adversarial Examples Very close to the

408 views • 24 slides
Adversarial Examples Hanxiao Liu April 2, 2018 1 / 22 Adversarial Examples Inputs to ML

Adversarial Examples Hanxiao Liu April 2, 2018 1 / 22 Adversarial Examples Inputs to ML

Adversarial Examples Hanxiao Liu April 2, 2018 1 / 22 Adversarial Examples Inputs to ML models that an attacker has intentionally designed to cause the model to make a mistake 1 Why this is interesting: Safety. Interpretability.

881 views • 22 slides
Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google

Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google

Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google Brain CS 231n, Stanford University, 2017-05-30 Overview What are adversarial examples? Why do they happen? How can they be used to

866 views • 43 slides
A Closer Look at Adversarial Examples for Separated Data Kamalika Chaudhuri University of

A Closer Look at Adversarial Examples for Separated Data Kamalika Chaudhuri University of

A Closer Look at Adversarial Examples for Separated Data Kamalika Chaudhuri University of California, San Diego Adversarial Examples Gibbon Panda Small perturbation to legitimate inputs causing misclassification Adversarial Examples Can

1.41k views • 42 slides
Adversarial Examples are Not Easily Detected: Bypassing Ten Detection Methods Nicholas Carlini,

Adversarial Examples are Not Easily Detected: Bypassing Ten Detection Methods Nicholas Carlini,

Adversarial Examples are Not Easily Detected: Bypassing Ten Detection Methods Nicholas Carlini, David Wagner University of California, Berkeley Background Neural Networks I assume knowledge of neural networks ... This talk: neural

5.49k views • 57 slides
Robust Estimation and Generative Adversarial Networks Weizhi ZHU Hong Kong University of Science

Robust Estimation and Generative Adversarial Networks Weizhi ZHU Hong Kong University of Science

Robust Estimation and Generative Adversarial Networks Weizhi ZHU Hong Kong University of Science and Technology wzhuai@ust.hk April 3, 2019 Robust Estimation and Generative Adversarial Nets [GLYZ18] Generative Adversarial Nets for Robust

252 views • 24 slides
Thermometer Encoding: One Hot Way to Resist Adversarial Examples Stanford, 2017-11-16 Aurko Roy*

Thermometer Encoding: One Hot Way to Resist Adversarial Examples Stanford, 2017-11-16 Aurko Roy*

Thermometer Encoding: One Hot Way to Resist Adversarial Examples Stanford, 2017-11-16 Aurko Roy* Colin Ra ff el Jacob Ian Buckman* Goodfellow *joint first author Adversarial Examples Adversarial Definitely Probably panda perturbation

607 views • 15 slides
Adversarial Examples in NLP Sameer Singh sameer@uci.edu @sameer_ sameersingh.org What are

Adversarial Examples in NLP Sameer Singh sameer@uci.edu @sameer_ sameersingh.org What are

Slides: http://tiny.cc/adversarial Adversarial Examples in NLP Sameer Singh sameer@uci.edu @sameer_ sameersingh.org What are Adversarial Examples? panda gibbon 57.7% confidence 99.3% confidence [Goodfellow et al, ICLR 2015 ]

1.56k views • 43 slides
September 25 - Increasing Park Access & Amusements The Gift That Altered the Parks

September 25 - Increasing Park Access & Amusements The Gift That Altered the Parks

t o r y o f A H i s Golden Gate Park Fromm Institute - Fall 2019 - John Freeman September 25 - Increasing Park Access & Amusements The Gift That Altered the Parks Original Concept Gifted: 1877, Completed: 1878-9 James Lick

180 views • 14 slides
Practical Promises As opposed to impractical promises 1 what is asynchronous code? Asynchronous

Practical Promises As opposed to impractical promises 1 what is asynchronous code? Asynchronous

Practical Promises As opposed to impractical promises 1 what is asynchronous code? Asynchronous (aka async ) just means: takes some time or happens in the future, not right now and JavaScript won't wait for it. 3 what is

277 views • 27 slides
Direct or Indirect Match? Selecting Right Concepts for Zero-Example Case Speaker: Yi-Jie Lu

Direct or Indirect Match? Selecting Right Concepts for Zero-Example Case Speaker: Yi-Jie Lu

Direct or Indirect Match? Selecting Right Concepts for Zero-Example Case Speaker: Yi-Jie Lu Yi-Jie Lu 1 , Maaike de Boer 2,3 , Hao Zhang 1 , Klamer Schutte 2 , Wessel Kraaij 2,3 , Chong-Wah Ngo 1 1 VIREO Group, City University of Hong Kong, Hong

487 views • 26 slides
Managing dependencies is more than running composer update Nils Adermann @naderman

Managing dependencies is more than running composer update Nils Adermann @naderman

Managing dependencies is more than running composer update Nils Adermann @naderman Private Packagist https://packagist.com What are Dependencies? - Services - APIs - Client-side Integrations (OAuth / External JS / Analytics / )

533 views • 32 slides
Horses were used there for cultivation and transport in the Rikers ownership era & later by

Horses were used there for cultivation and transport in the Rikers ownership era & later by

Horses were used there for cultivation and transport in the Rikers ownership era & later by Correction at its inmate farm. The isle was a Civil War Union camp. Then too horses provided pull-power and transport. Above : Mounted officer at

299 views • 13 slides
Concretely Efficient La Large-Sc Scale M MPC wi with th Acti tive Securi rity ty (or

Concretely Efficient La Large-Sc Scale M MPC wi with th Acti tive Securi rity ty (or

Concretely Efficient La Large-Sc Scale M MPC wi with th Acti tive Securi rity ty (or (or, Ti TinyKeys fo for Ti TinyOT) ) Carmit Hazay, Emmanuela Orsini, Peter Scholl and Eduardo Soria-Vazquez La Large-Sc Scale MP MPC Current

398 views • 22 slides
Assessment of donkey body lesions and work types using the Brookes Standardised Equine Based

Assessment of donkey body lesions and work types using the Brookes Standardised Equine Based

Assessment of donkey body lesions and work types using the Brookes Standardised Equine Based Welfare Assessment Tool (SEBWAT) in Kenya James Kithuka Brooke East Africa james.kithuka@thebrooke.org Background 2 Brooke EA is a branch of the

726 views • 24 slides
Proverbs Series Lesson #006 February 3, 2013 Dean Bible Ministries www.deanbible.org Dr.

Proverbs Series Lesson #006 February 3, 2013 Dean Bible Ministries www.deanbible.org Dr.

Proverbs Series Lesson #006 February 3, 2013 Dean Bible Ministries www.deanbible.org Dr. Robert L. Dean, Jr. Since this is superbowl Sunday.... Prov. 14:12. There is a way that seems right to a man, But its end is the way of death.

608 views • 33 slides

More recommend