Curriculum Adversarial Training

Cai, Qi-Zhi; Liu, Chang; Song, Dawn

doi:10.24963/ijcai.2018/520

Cited by 90 publications

(71 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The outer minimization is the standard training procedure to minimize the loss of a DNN. Recent work shows that this straightforward method is one of the most effective defenses against adversarial samples (Madry et al 2017;Tramèr et al 2017;Cai et al 2018).…”

Section: Adversarial Trainingmentioning

confidence: 99%

Distributionally Adversarial Attack

Zheng

Chen

Ren

2019

AAAI

View full text Add to dashboard Cite

Recent work on adversarial attack has shown that Projected Gradient Descent (PGD) Adversary is a universal first-order adversary, and the classifier adversarially trained by PGD is robust against a wide range of first-order attacks. It is worth noting that the original objective of an attack/defense model relies on a data distribution p(x), typically in the form of risk maximization/minimization, e.g., max/min E p(x) L(x) with p(x) some unknown data distribution and L(·) a loss function. However, since PGD generates attack samples independently for each data sample based on L(·), the procedure does not necessarily lead to good generalization in terms of risk optimization. In this paper, we achieve the goal by proposing distributionally adversarial attack (DAA), a framework to solve an optimal adversarial-data distribution, a perturbed distribution that satisfies the L∞ constraint but deviates from the original data distribution to increase the generalization risk maximally. Algorithmically, DAA performs optimization on the space of potential data distributions, which introduces direct dependency between all data points when generating adversarial samples. DAA is evaluated by attacking state-of-the-art defense models, including the adversarially-trained models provided by MIT MadryLab. Notably, DAA ranks the first place on MadryLab's white-box leaderboards, reducing the accuracy of their secret MNIST model to 88.79% (with l∞ perturbations of = 0.3) and the accuracy of their secret CIFAR model to 44.71% (with l∞ perturbations of = 8.0). Code for the experiments is released on https://github.com/tianzheng4/ Distributionally-Adversarial-Attack.

show abstract

Section: Adversarial Trainingmentioning

confidence: 99%

Distributionally Adversarial Attack

Zheng

Chen

Ren

2019

AAAI

View full text Add to dashboard Cite

show abstract

“…Note that x adv and x are vectors that contain multiple single values. Mathematically, x adv is defined as follows [24]:…”

Section: A Adversarial Examplesmentioning

confidence: 99%

“…where D is the dataset, e.g., the training dataset. The idea of adversarial training is to solve (12) by iteratively executing the following two steps [24]: 1) with all given x adv , find the optimal W for the outer minimization problem, and 2) with the given W , find the worst-case adversarial example x adv in the dataset D for the left inner maximization problem. The standard SGD method is used to train the network by estimating the weight matrix W .…”

Section: B Adversarial Trainingmentioning

confidence: 99%

“…The traditional practice in training ML models is to use clean data only, but this means that the output will be erroneous if the input data become contaminated. AML trains the model with both clean data and malicious data generated by the defender [24]. The adversarially trained models are then robust to the attacks used in the adversarial training [25], [26].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Enabling Cyberattack-Resilient Load Forecasting through Adversarial Machine Learning

Tang

Jiao

Zhang

et al. 2019

2019 IEEE Power &Amp; Energy Society General Meeting (PESGM)

View full text Add to dashboard Cite

In the face of an increasingly broad cyberattack surface, cyberattack-resilient load forecasting for electric utilities is both more necessary and more challenging than ever. In this paper, we propose an adversarial machine learning (AML) approach, which can respond to a wide range of attack behaviors without detecting outliers. It strikes a balance between enhancing a system's robustness against cyberattacks and maintaining a reasonable degree of forecasting accuracy when there is no attack. Attack models and configurations for the adversarial training were selected and evaluated to achieve the desired level of performance in a simulation study. The results validate the effectiveness and excellent performance of the proposed method.

show abstract

“…The effectiveness of model-strengthening methods generally roots in gradient-confused [20] . Adversarial training methods [21][22][23][24] aim to make the target model loss of examples to be zeros, vanishing the gradient. Feature nullification methods [25] try to mask the original gradients.…”

Section: Introductionmentioning

confidence: 99%

A cascade model-aware generative adversarial example detection method

Han

Xia

2021

Tsinghua Sci. Technol.

View full text Add to dashboard Cite

Deep Neural Networks (DNNs) are demonstrated to be vulnerable to adversarial examples, which are elaborately crafted to fool learning models. Since the accuracy and robustness of DNNs are at odds for the adversarial training method, the adversarial example detection algorithms check whether the specific example is adversarial, which is promising to solve the issue of the adversarial example. However, among the existing methods, model-aware detection methods do not generalize well, while the detection accuracies of the generative-based methods are lower compared to the model-aware methods. In this paper, we propose a cascade model-aware generative adversarial example detection method, namely CMAG. CMAG consists of two first-order reconstructors and a second-order reconstructor, which can illustrate what the model sees to the human by reconstructing the logit and feature maps of the last convolution layer. Experimental results demonstrate that our method is effective and is more interpretable compared to some state-of-the-art methods.

show abstract

Curriculum Adversarial Training

Cited by 90 publications

References 2 publications

Distributionally Adversarial Attack

Distributionally Adversarial Attack

Enabling Cyberattack-Resilient Load Forecasting through Adversarial Machine Learning

A cascade model-aware generative adversarial example detection method

Contact Info

Product

Resources

About