2017
DOI: 10.48550/arxiv.1702.06280
Preprint

On the (Statistical) Detection of Adversarial Examples

Abstract: Machine Learning (ML) models are applied in a variety of tasks such as network intrusion detection or malware classification. Yet, these models are vulnerable to a class of malicious inputs known as adversarial examples. These are slightly perturbed inputs that are classified incorrectly by the ML model. The mitigation of these adversarial inputs remains an open problem. As a step towards understanding adversarial examples, we show that they are not drawn from the same distribution as the original data, and c…
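
The statistical detection idea in the abstract can be sketched concretely. Below is a minimal illustration, assuming an RBF-kernel Maximum Mean Discrepancy (MMD) statistic with a permutation p-value; the data, kernel bandwidth, and sample sizes are placeholders, not the authors' implementation.

import numpy as np

def mmd2(X, Y, gamma=1.0):
    # Biased squared Maximum Mean Discrepancy with an RBF kernel.
    def rbf(A, B):
        # Pairwise squared Euclidean distances, then a Gaussian kernel.
        d2 = (A**2).sum(1)[:, None] + (B**2).sum(1)[None, :] - 2 * A @ B.T
        return np.exp(-gamma * d2)
    return rbf(X, X).mean() + rbf(Y, Y).mean() - 2 * rbf(X, Y).mean()

def permutation_pvalue(X, Y, n_perm=1000, seed=0):
    # p-value for H0: X and Y are drawn from the same distribution.
    rng = np.random.default_rng(seed)
    observed = mmd2(X, Y)
    Z, n = np.vstack([X, Y]), len(X)
    hits = 0
    for _ in range(n_perm):
        idx = rng.permutation(len(Z))
        hits += mmd2(Z[idx[:n]], Z[idx[n:]]) >= observed
    return (hits + 1) / (n_perm + 1)

# Clean inputs vs. a suspect batch (stand-in for adversarial inputs).
clean = np.random.default_rng(1).normal(size=(100, 32))
suspect = clean + 0.5
print(permutation_pvalue(clean, suspect))  # small p-value => flag the batch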

Cited by 203 publications (312 citation statements) | References 20 publications
“…Szegedy et al. [18] were the first to report the vulnerability of DNNs to adversarial samples: they introduced imperceptible adversarial perturbations to handwritten-digit images and succeeded in fooling the DNN model with high confidence. This discovery has prompted a number of studies in the computer vision community, where several attacks and defenses have been proposed [9,12,10]. Several works [14,22,11] deal with the transferability of adversarial attacks.…”
Section: Related Work
confidence: 99%
“…The second defense we consider is the Detect & Reject method [10], which involves training our IDSs to detect not only "abnormal" and "normal" traffic, but also a third class called "adversarial". Thus, whenever the IDS decides that a network traffic record is adversarial, it is rejected.…”
Section: Defenses Against the Transferability of Adversarial Attacks
confidence: 99%
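
The Detect & Reject scheme quoted above lends itself to a short sketch. This is a minimal illustration assuming a generic scikit-learn classifier; the features, label encoding, and model are placeholders, not the implementation from [10]. In practice, the training set would pair real traffic records with adversarially perturbed copies relabeled as a third class.

import numpy as np
from sklearn.ensemble import RandomForestClassifier

# Hypothetical label encoding for the three traffic classes.
NORMAL, ABNORMAL, ADVERSARIAL = 0, 1, 2

rng = np.random.default_rng(0)
X_train = rng.normal(size=(300, 20))    # placeholder traffic features
y_train = rng.integers(0, 3, size=300)  # placeholder labels

# The IDS is trained on all three classes, including "adversarial".
ids = RandomForestClassifier(n_estimators=100, random_state=0)
ids.fit(X_train, y_train)

def classify_or_reject(record):
    # Reject any record the IDS assigns to the adversarial class.
    pred = ids.predict(record.reshape(1, -1))[0]
    if pred == ADVERSARIAL:
        return "rejected"
    return "abnormal" if pred == ABNORMAL else "normal"

print(classify_or_reject(rng.normal(size=20)))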
“…Two-sample hypothesis testing plays a significant role in a variety of scientific applications, such as bioinformatics, social sciences, and image analysis (Fox and Dimmic, 2006; Osborne et al., 2013; Kohout and Pevný, 2017). As we enter the big-data era, high-dimensional and large-scale data is becoming prevalent, particularly in machine learning and deep learning applications, and attention to two-sample testing methods for large-scale data is naturally increasing as well (Sutherland et al., 2016; Grosse et al., 2017; Carlini and Wagner, 2017; Gao et al., 2020).…”
Section: Introduction (Background)
confidence: 99%
“…To achieve this goal, the defender can, for example, use some AA detection method to discard suspicious inputs. One approach to detecting AAs [15,44] is to examine the input to the attacked model. Another approach, which we consider in this paper, is to examine the output of the attacked model.…”
Section: Introduction
confidence: 99%
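
As a purely hypothetical illustration of the output-side approach mentioned in the last statement (not the method of [15,44] or of the cited paper): one simple heuristic flags inputs whose top softmax score falls below a calibrated threshold, on the intuition that adversarial inputs often produce less confident output distributions.

import numpy as np

def softmax(logits):
    # Numerically stable softmax over the last axis.
    z = logits - logits.max(axis=-1, keepdims=True)
    e = np.exp(z)
    return e / e.sum(axis=-1, keepdims=True)

def flag_low_confidence(logits, threshold=0.9):
    # Flag inputs whose top class probability is below the threshold;
    # the threshold value is illustrative and would need calibration.
    return softmax(logits).max(axis=-1) < threshold

logits = np.array([[4.0, 0.1, 0.2],   # confident -> not flagged
                   [1.0, 0.9, 0.8]])  # diffuse   -> flagged
print(flag_low_confidence(logits))    # [False  True]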