AdVersarial

Tramèr, Florian; Dupré, Pascal; Rusak, Gili; Pellegrino, Giancarlo; Boneh, Dan

doi:10.1145/3319535.3354222

Cited by 88 publications

(94 citation statements)

References 51 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Research is ongoing in improving the stability and convergence of GANs (e.g., Denton, Chintala, Szlam, & Fergus, ; Salimans et al, ). Another related topic is to make deep neural networks robust against minor perturbations, often through transforming the training images (e.g., Guo, Rana, Cisse, & van der Maaten, ; Papernot & McDaniel, ; Tramèr, Kurakin, Papernot, Boneh, & McDaniel, ). Detailed discussion on the two related topics is beyond the scope of this survey paper.…”

Section: Discussionmentioning

confidence: 99%

A survey of game theoretic approach for adversarial machine learning

Zhou

Kantarcıoğlu

2018

WIREs Data Min & Knowl

View full text Add to dashboard Cite

The field of machine learning is progressing at a faster pace than ever before. Many organizations leverage machine learning tools to extract useful information from a massive amount of data. In particular, machine learning finds its application in cybersecurity that begins to enter the age of automation. However, machine learning applications in cybersecurity face unique challenges other domains rarely do—attacks from active adversaries. Problems in areas such as intrusion detection, banking fraud detection, spam filtering, and malware detection have to face challenges of adversarial attacks that modify data so that malicious instances would evade detection by the learning systems. The adversarial learning problem naturally resembles a game between the learning system and the adversary. In such a game, both players would attempt to play their best strategies against each other while maximizing their own payoffs. To solve the game, each player would search for an optimal strategy against the opponent based on the prediction of the opponent's strategy choice. The problem becomes even more complicated in settings where the learning system may have to deal with many adversaries of unknown types. Applying game‐theoretic approach, robust learning techniques have been developed to specifically address adversarial attacks and the preliminary results are promising. In this review, we summarize these results. This article is categorized under: Technologies > Machine Learning Fundamental Concepts of Data and Knowledge > Key Design Issues in Data Mining

show abstract

Section: Discussionmentioning

confidence: 99%

A survey of game theoretic approach for adversarial machine learning

Zhou

Kantarcıoğlu

2018

WIREs Data Min & Knowl

View full text Add to dashboard Cite

show abstract

“…Recently, Xiao et al (2018) and Tramèr & Boneh (2017) observed independently that it is possible to use various spatial transformations to construct adversarial examples for naturally and ∞ -adversarially trained models. The main difference from our work is that we show even very simple transformations (translations and rotations) are sufficient to break a variety of classifiers, while the transformations employed in (Xiao et al, 2018) and (Tramèr & Boneh, 2017) are more involved. The transformation in (Xiao et al, 2018) is based on performing a displacement of individual pixels in the original image constrained to be globally smooth and then optimized for misclassification probability.…”

Section: Related Workmentioning

confidence: 99%

“…The transformation in (Xiao et al, 2018) is based on performing a displacement of individual pixels in the original image constrained to be globally smooth and then optimized for misclassification probability. Tramèr & Boneh (2017) consider an ∞ -bounded pixel-wise perturbation of a version of the original image that has been slightly rotated and in which a few random pixels have been flipped. Both of these methods require direct access to the attacked model (or a surrogate) to compute (or at least estimate) the gradient of the loss function with respect to the model's input.…”

Section: Related Workmentioning

confidence: 99%

“…As such, one may suspect that adversarial examples are a problem only in the presence of a truly malicious attacker, and are unlikely to arise in more benign environments. However, recent work has shown that neural network-based vision classifiers are vulnerable to input images that have been spatially transformed through small rotations, translations, shearing, scaling, and other natural transformations (Fawzi & Frossard, 2015;Kanbak et al, 2018;Xiao et al, 2018;Tramèr & Boneh, 2017). Such transformations are pervasive in vision applications and hence quite likely to naturally occur in practice.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Exploring the Landscape of Spatial Robustness

Engstrom,

Tran,

Tsipras

et al. 2017

Preprint

View full text Add to dashboard Cite

The study of adversarial robustness has so far largely focused on perturbations bound in p -norms. However, state-of-the-art models turn out to be also vulnerable to other, more natural classes of perturbations such as translations and rotations. In this work, we thoroughly investigate the vulnerability of neural network-based classifiers to rotations and translations. While data augmentation offers relatively small robustness, we use ideas from robust optimization and test-time input aggregation to significantly improve robustness. Finally we find that, in contrast to the p -norm case, first-order methods cannot reliably find worst-case perturbations. This highlights spatial robustness as a fundamentally different setting requiring additional study. 1

show abstract

“…There has been a consensus that a general method to improve the robustness of neural networks is adversarial training [5,39,83,84]. It refers to the process of re-training a model with adversarial examples to improve its classification accuracy on modified and which is vulnerable to whitebox attack.…”

Section: Defense Methodsmentioning

confidence: 99%

Adversarial attacks and defenses for visual signals

Cheng¹

View full text Add to dashboard Cite

Over the course of my researching, I wish to express my thanks to all those who have helped me.First of all, I would like to express my sincerely respect and greatest gratitude to my supervisor, Prof. Lin Shang-Wei, and my co-supervisor, Prof. Lin Weisi, for providing me the precious opportunity of engaging the academic career and pursuing my Ph.D degree.Their patient guidance, constant support and invaluable advice encourage me throughout my entire Ph.D. period. I gratefully recognize the help of my collaborators, Dr. Guo Qing, Dr. Felix Juefei-Xu, Dr. Fu Huazhu and Dr. Zhai Liming, for their wisely suggestions and academic writing skills which make my research ability great improved.The days serving as a Ph.D. student in Nanyang Technological University will always stay in my memory. So is the thankfulness for the help from my learned Professors, Prof.

show abstract

AdVersarial

Cited by 88 publications

References 51 publications

A survey of game theoretic approach for adversarial machine learning

A survey of game theoretic approach for adversarial machine learning

Exploring the Landscape of Spatial Robustness

Adversarial attacks and defenses for visual signals

Contact Info

Product

Resources

About