Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security 2017
DOI: 10.1145/3128572.3140444

Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods

Abstract: Neural networks are known to be vulnerable to adversarial examples: inputs that are close to natural inputs but classified incorrectly. In order to better understand the space of adversarial examples, we survey ten recent proposals that are designed for detection and compare their efficacy. We show that all can be defeated by constructing new loss functions. We conclude that adversarial examples are significantly harder to detect than previously appreciated, and the properties believed to be intrinsic to adversarial examples are in fact not. Finally, we propose several simple guidelines for evaluating future proposed defenses.
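The core move the abstract describes is to fold each detector into the attacker's objective rather than attacking the classifier alone. The sketch below is a minimal illustration of that idea under assumed names, not the paper's exact per-defense formulation: it runs a PGD-style ascent on a combined loss that simultaneously induces misclassification and suppresses a detector's adversarial score. `classifier`, `detector`, and all hyperparameters are assumptions for the example; `detector` is assumed to output a score that is high for inputs it flags as adversarial.

```python
import torch
import torch.nn.functional as F

def adaptive_attack(classifier, detector, x, y, eps=0.03, alpha=0.005, steps=40):
    """Hypothetical sketch of an adaptive attack: optimize a combined loss
    that fools both the classifier and a detector, in the spirit of the
    paper's approach of constructing a new loss function per defense."""
    x_adv = x.clone().detach()
    for _ in range(steps):
        x_adv.requires_grad_(True)
        # Misclassification term: push up cross-entropy on the true label.
        cls_loss = F.cross_entropy(classifier(x_adv), y)
        # Detection term: push down the detector's "adversarial" score.
        det_loss = detector(x_adv).mean()
        loss = cls_loss - det_loss  # ascend cls_loss, descend det_loss
        grad = torch.autograd.grad(loss, x_adv)[0]
        with torch.no_grad():
            x_adv = x_adv + alpha * grad.sign()       # signed gradient step
            x_adv = x + (x_adv - x).clamp(-eps, eps)  # project into eps-ball
            x_adv = x_adv.clamp(0.0, 1.0)             # keep valid pixel range
    return x_adv.detach()
```

The essential point is that once the detector is differentiable (or can be approximated by something differentiable), it becomes just another term in the loss, which is why a defense evaluated only against detector-oblivious attacks can report misleadingly strong results.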

Cited by 1,264 publications (1,291 citation statements) · References 31 publications · Citing publications span 2018–2024

Citation statements, ordered by relevance:
“…Besides, some defenses against adversarial attacks have been shown in recent years to be insufficiently robust [48,49], and other methods have emerged [50]. In general, adversarial example crafting is a large, important, and active topic; we have not given a complete adversarial analysis of MalNet, and in future work we will consider a detailed exploration with supporting experiments for evaluation.…”
Section: Discussion (mentioning)
confidence: 99%
“…Various empirical defenses (e.g., [17,27,31]) have been proposed to defend against adversarial examples. However, these defenses were often soon broken by adaptive attacks [1,7]. In response, various certified defenses (e.g., [10,15,32,33,37]) against adversarial examples have been developed.…”
Section: Related Work (mentioning)
confidence: 99%
“…As an exploratory work and a logical consequence of the transferability results, we analyze the impact of using an ensemble of quantized models to filter out adversarial examples with minimal impact on natural accuracy. Such an ensemble method, like any other detection-based approach, suffers from a narrow threat model, since the defense is useless against an attacker aware of the implementation details of the model in the target device [73]. However, in black-box settings, a quantized ensemble may have an interesting impact on transferability when combined with other, complementary defense mechanisms.…”
Section: Results (mentioning)
confidence: 99%
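The quantized-ensemble filter described in the excerpt above can be pictured as a simple agreement test: perturbations tuned against one model often transfer imperfectly to differently quantized copies, so disagreement among the copies is treated as a detection signal. The sketch below is a hypothetical illustration of that idea, not the cited paper's implementation; `models` (a list of differently quantized classifiers) and `min_agreement` are assumed names.

```python
import torch

def ensemble_flag(models, x, min_agreement=0.75):
    """Hypothetical detection sketch: flag inputs as adversarial when
    differently quantized copies of a model disagree on the label.
    `models` and `min_agreement` are assumptions, not from the paper."""
    with torch.no_grad():
        # Per-model predicted labels, stacked into shape (n_models, batch).
        preds = torch.stack([m(x).argmax(dim=-1) for m in models])
    majority = preds.mode(dim=0).values                  # per-input majority label
    agreement = (preds == majority).float().mean(dim=0)  # fraction of models agreeing
    # Accept the majority label only when agreement is high; otherwise flag.
    return majority, agreement < min_agreement
```

The natural-accuracy trade-off the excerpt mentions falls out directly: raising `min_agreement` rejects more adversarial inputs but also rejects more clean inputs on which the quantized copies happen to disagree.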