Distributionally Adversarial Attack

Zheng, Tianhang; Chen, Changyou; Ren, Kui

doi:10.1609/aaai.v33i01.33012253

Cited by 84 publications

(45 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…With regard to DFR introduced in Section II-B1, it is important to prevent or detect the adversarial attack proactively. Many researchers proposed defence methods that attempt to classify AEs correctly, but the methods have been being defeated by newly developed attacks [126]- [128].…”

Section: Adversarial Attack Detectionmentioning

confidence: 99%

Artificial Intelligence Security Threat, Crime, and Forensics: Taxonomy and Open Issues

Jeong

2020

IEEE Access

View full text Add to dashboard Cite

Advances in Artificial Intelligence (AI) have influenced almost every field including computer science, robotics, social engineering, psychology, criminology and so on. Although AI has solved various challenges, potential security threats of AI algorithms and training data have been stressed by AI researchers. As AI system inherits security threats of traditional computer system, the concern about novel cyberattack enhanced by AI is also growing. In addition, AI is deeply connected to physical space (e.g. autonomous vehicle, intelligent virtual assistant), so AI-related crime can harm people physically, beyond the cyberspace. In this context, we represent a literature review of security threats and AI-related crime. Based on the literature review, this article defines the term AI crime and classifies AI crime into 2 categories: AI as tool crime and AI as target crime, inspired by a taxonomy of cybercrime: Computer as tool crime and Computer as tool crime. Through the proposed taxonomy, foreseeable AI crimes are systematically studied and related forensic techniques are also addressed. We also analyze the characteristics of the AI crimes and present challenges that are difficult to be solved with the traditional forensic techniques. Finally, open issues are presented, with emphasis on the need to establish novel strategies for AI forensics.

show abstract

Section: Adversarial Attack Detectionmentioning

confidence: 99%

Artificial Intelligence Security Threat, Crime, and Forensics: Taxonomy and Open Issues

Jeong

2020

IEEE Access

View full text Add to dashboard Cite

show abstract

“…This greatly increases the computational cost of the attack and makes it infeasible for evaluating the robustness of large models. Other methods, such as FGM [5], PGD [8,17] and DAA [74] attacks, reformulate the original norm minimization problem with non-convex misclassification constraint as non-convex surrogate loss minimization with convex l p -norm perturbation constraint as in Equation (2.15). For this "simpler" problem, projected gradient descent attack (PGD) is an optimal first-order adversary [17].…”

Section: Primal-dual Gradient Descent Attackmentioning

confidence: 99%

“…• We reimplemented Distributionally Adversarial Attack (DAA) [74]. We used Lagrangian Blob Attack algorithm.…”

Section: Attack Parametersmentioning

confidence: 99%

“…The models on CIFAR-10 achieve the following clean test accuracy (first 1000 images of the test set): plain 88.38% (89.4%), l ∞ -AT 79.9% (80.4%), and l 2 -AT 80.44% (80.7%).Attacks:We tested the robustness of each model wrt to l ∞ -, l 2 -, l 1 -, and l 0norm adversaries. We compared the performance of our attacks to attacks representing state-of-the-art for each norm: Brendel & Bethge attack (B&B, l ∞ -,l 2 -, l 1 -, l 0 -norms)[139]; Carlini-Wagner l 2 -attack (C&W, l 2 -norm)[18]; Decoupled Direction and Norm l 2 -attack (DDN, l 2 -norm)[72]; DeepFool (DF, l ∞ -, and l 2norm)[53]; Distributionally Adversarial Attack (DAA, l ∞ -norm)[74]; Elastic-net attack (l 1 -norm)[75]; Fast Adaptive Boundary Attack (FAB, l ∞ -, l 2 -, l 1 -norms)[54];…”

mentioning

confidence: 99%

See 1 more Smart Citation

Towards deep neural networks robust to adversarial examples

Matyasko¹

View full text Add to dashboard Cite

show abstract

“…Adversarial examples [40,47] are specifically manipulated inputs that are able to drastically change the model predictions with insignificant perturbations, which can barely be observed by humans. It's a thorn in the side of the modern machine learning community that undermines the reliability of DNN models in various domains [112][113][114][115][116][117][118][119] and settings [120][121][122][123][124][125], causing serious security issues in computer vision systems, like face recognition [126] and autonomous vehicle [127]. Therefore, a line of related research [47,48,51,77,85,[128][129][130][131] has attracted significant attention in the machine learning community.…”

Section: Adversarial Examplesmentioning

confidence: 99%

Towards robust inference against distribution shifts in computer vision

Tang¹

View full text Add to dashboard Cite

Hanwang Zhang. Without his patient guidance and continuous help, I would never have accomplished these research projects and published corresponding papers. He opened the door of academic research for me with his invaluable expertise. Before I met him, I was just a green hand that had a pretty bad taste of research and zero experience of publishing top-tier papers. However, he reinvented me with his immense knowledge and insightful support, which guided me to find my research topics, sharpen my critical thinking, build my academic skills and bring my work to a higher level. I would like to acknowledge my collaborators, Dr.

show abstract

Distributionally Adversarial Attack

Cited by 84 publications

References 8 publications

Artificial Intelligence Security Threat, Crime, and Forensics: Taxonomy and Open Issues

Artificial Intelligence Security Threat, Crime, and Forensics: Taxonomy and Open Issues

Towards deep neural networks robust to adversarial examples

Towards robust inference against distribution shifts in computer vision

Contact Info

Product

Resources

About