Chilin Fu scite author profile

Neural networks are vulnerable to adversarial examples, which are malicious inputs crafted to fool pre-trained models. Adversarial examples often exhibit black-box attacking transferability, which allows that adversarial examples crafted for one model can fool another model. However, existing black-box attack methods require samples from the training data distribution to improve the transferability of adversarial examples across different models. Because of the data dependence, fooling ability of adversarial perturbations is only applicable when training data are accessible. In this paper, we present a data-free method for crafting adversarial perturbations that can fool a target model without any knowledge about the training data distribution. In the practical setting of black-box attack scenario where attackers do not have access to target models and training data, our method achieves high fooling rates on target models and outperforms other universal adversarial perturbation methods. Our method empirically shows that current deep learning models are still at a risk even when the attackers do not have access to training data.

show abstract

AntProphet: an Intention Mining System behind Alipay's Intelligent Customer Service Bot

Chen¹,

Zhang²,

Ju³

et al. 2019

View full text Add to dashboard Cite

We create an intention mining system, named AntProphet, for Alipay's intelligent customer service bot, to alleviate the burden of customer service. Whenever users have any questions, AntProphet is the first stop to help users to answer their questions. Our system gathers users' profile and their historical behavioral trajectories, together with contextual information to predict users' intention, i.e., the potential questions that users want to resolve. AntProphet takes care of more than 90% of the customer service demands in the Alipay APP and resolves most of the users' problems on the spot, thus significantly reduces the burden of manpower. With the help of it, the overall satisfaction rate of our customer service bot exceeds 85%.

show abstract

Learning to Select Instance: Simultaneous Transfer Learning and Clustering

Huan¹,

Wang²,

He³

et al. 2021

View full text Add to dashboard Cite

aDMSCN

Xu¹,

Fu²,

Zhang³

et al. 2020

View full text Add to dashboard Cite

Improving Transferability of Adversarial Patches on Face Recognition with Generative Models

Xiao¹,

Gao²,

Fu³

et al. 2021

Preprint

View full text Add to dashboard Cite

Face recognition is greatly improved by deep convolutional neural networks (CNNs). Recently, these face recognition models have been used for identity authentication in security sensitive applications. However, deep CNNs are vulnerable to adversarial patches, which are physically realizable and stealthy, raising new security concerns on the real-world applications of these models. In this paper, we evaluate the robustness of face recognition models using adversarial patches based on transferability, where the attacker has limited accessibility to the target models. First, we extend the existing transfer-based attack techniques to generate transferable adversarial patches. However, we observe that the transferability is sensitive to initialization and degrades when the perturbation magnitude is large, indicating the overfitting to the substitute models. Second, we propose to regularize the adversarial patches on the low dimensional data manifold. The manifold is represented by generative models pre-trained on legitimate human face images. Using face-like features as adversarial perturbations through optimization on the manifold, we show that the gaps between the responses of substitute models and the target models dramatically decrease, exhibiting a better transferability. Extensive digital world experiments are conducted to demonstrate the superiority of the proposed method in the black-box setting. We apply the proposed method in the physical world as well.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Chilin Fu

Improving Transferability of Adversarial Patches on Face Recognition with Generative Models

MSSM: A Multiple-level Sparse Sharing Model for Efficient Multi-Task Learning

Reinforcement Learning for User Intent Prediction in Customer Service Bots

Data-Free Adversarial Perturbations for Practical Black-Box Attack

AntProphet: an Intention Mining System behind Alipay's Intelligent Customer Service Bot

Learning to Select Instance: Simultaneous Transfer Learning and Clustering

aDMSCN

Improving Transferability of Adversarial Patches on Face Recognition with Generative Models

Contact Info

Product

Resources

About