Adversarial Examples: Opportunities and Challenges

Zhang, Jiliang; Li, Chen

doi:10.1109/tnnls.2019.2933524

Cited by 135 publications

(108 citation statements)

References 65 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The two major lines of research around adversarial examples have been: (1) generating AEs and (2) defending against AEs. This paper will not cover either, and the reader is referred to recent surveys [1,6,40]. In parallel to those two lines, however, a significant body of work has been carried out to delve into the root causes of AEs and their implications.…”

Section: Previous Workmentioning

confidence: 99%

Robustness to adversarial examples can be improved with overfitting

Deniz

Pedraza

Vállez

et al. 2020

Int. J. Mach. Learn. & Cyber.

View full text Add to dashboard Cite

Deep learning (henceforth DL) has become most powerful machine learning methodology. Under specific circumstances recognition rates even surpass those obtained by humans. Despite this, several works have shown that deep learning produces outputs that are very far from human responses when confronted with the same task. This the case of the so-called "adversarial examples" (henceforth AE). The fact that such implausible misclassifications exist points to a fundamental difference between machine and human learning. This paper focuses on the possible causes of this intriguing phenomenon. We first argue that the error in adversarial examples is caused by high bias, i.e. by regularization that has local negative effects. This idea is supported by our experiments in which the robustness to adversarial examples is measured with respect to the level of fitting to training samples. Higher fitting was associated to higher robustness to adversarial examples. This ties the phenomenon to the trade-off that exists in machine learning between fitting and generalization.

show abstract

Section: Previous Workmentioning

confidence: 99%

Robustness to adversarial examples can be improved with overfitting

Deniz

Pedraza

Vállez

et al. 2020

Int. J. Mach. Learn. & Cyber.

View full text Add to dashboard Cite

show abstract

“…The probability of class "1" before and after perturbation. Before perturbating, the score of class "1" is 5%; however, the score is increased to 88% by adding or subtracting 0.5 from each dimension in a specific direction of the original sample (Image Credit: Zhang et al [59]).…”

Section: Causes Of Adversarial Examplesmentioning

confidence: 99%

“…Adversarial samples have three basic characteristics [59], i.e., transferability, regularization effect, and adversarial instability.…”

Section: Characteristics Of Adversarial Examplesmentioning

confidence: 99%

Review of Artificial Intelligence Adversarial Attack and Defense Technologies

et al. 2019

View full text Add to dashboard Cite

In recent years, artificial intelligence technologies have been widely used in computer vision, natural language processing, automatic driving, and other fields. However, artificial intelligence systems are vulnerable to adversarial attacks, which limit the applications of artificial intelligence (AI) technologies in key security fields. Therefore, improving the robustness of AI systems against adversarial attacks has played an increasingly important role in the further development of AI. This paper aims to comprehensively summarize the latest research progress on adversarial attack and defense technologies in deep learning. According to the target model’s different stages where the adversarial attack occurred, this paper expounds the adversarial attack methods in the training stage and testing stage respectively. Then, we sort out the applications of adversarial attack technologies in computer vision, natural language processing, cyberspace security, and the physical world. Finally, we describe the existing adversarial defense methods respectively in three main categories, i.e., modifying data, modifying models and using auxiliary tools.

show abstract

“…With the rise of neural networks, adversarial examples and their mitigation [7,16,39] have become subject to competitive research, especially in the image domain, see Section 2.1. Analog to images, one can generate adversarial examples for audio data, see Section 2.2.…”

Section: Related Workmentioning

confidence: 99%

“…The first adversarial examples to non-linear algorithms were generated by Biggio et al [4] and Szegedy et al [31] in 2013. Up until now, various attacks on plenty of datasets focusing on images have been presented (for an overview, see, e.g., [39]). Later, adversarial audio started to get analysed as well [10,12,17,25,26,33,35].…”

Section: Related Workmentioning

confidence: 99%