Review of Artificial Intelligence Adversarial Attack and Defense Technologies

Qiu, Shilin; Liu, Qihe; Zhou, Shijie; Wu, Chunjiang

doi:10.3390/app9050909

Cited by 284 publications

(173 citation statements)

References 50 publications

Supporting

Mentioning

139

Contrasting

Order By: Relevance

“…While such explanations are not precise, they are able to draw attention to key drivers emergent in the AI decisionmaking. Similarly "adversarial testing" is an approach whereby people try to "break" an AI or make it make very wrong decisions (Qiu et al, 2019).…”

Section: Technological Innovationsmentioning

confidence: 99%

Improving public services using artificial intelligence: possibilities, pitfalls, governance

Henman

2020

Asia Pacific Journal of Public Administration

121

View full text Add to dashboard Cite

Artificial intelligence arising from the use of machine learning is rapidly being developed and deployed by governments to enhance operations, public services, and compliance and security activities. This article reviews how artificial intelligence is being used in public sector for automated decision making, for chatbots to provide information and advice, and for public safety and security. It then outlines four public administration challenges to deploying artificial intelligence in public administration: accuracy, bias and discrimination; legality, due process and administrative justice; responsibility, accountability, transparency and explainability; and power, compliance and control. The article outlines technological and governance innovations that are being developed to address these challenges.

show abstract

Section: Technological Innovationsmentioning

confidence: 99%

Improving public services using artificial intelligence: possibilities, pitfalls, governance

Henman

2020

Asia Pacific Journal of Public Administration

121

View full text Add to dashboard Cite

show abstract

“…Since then, adversarial attacks and defenses have become an active research field. The readers can refer to (Qiu et al 2019;Yuan et al 2019) for a comprehensive review and we summarize only the works related to adversarial attacks (Akhtar and Mian 2018) in this section. There are different ways to categorize attacks, such as targeted and non-targeted attacks, or white-box and blackbox attacks.…”

Section: Related Workmentioning

confidence: 99%

CD-UAP: Class Discriminative Universal Adversarial Perturbation

Zhang

Benz

Imtiaz

et al. 2020

AAAI

View full text Add to dashboard Cite

A single universal adversarial perturbation (UAP) can be added to all natural images to change most of their predicted class labels. It is of high practical relevance for an attacker to have flexible control over the targeted classes to be attacked, however, the existing UAP method attacks samples from all classes. In this work, we propose a new universal attack method to generate a single perturbation that fools a target network to misclassify only a chosen group of classes, while having limited influence on the remaining classes. Since the proposed attack generates a universal adversarial perturbation that is discriminative to targeted and non-targeted classes, we term it class discriminative universal adversarial perturbation (CD-UAP). We propose one simple yet effective algorithm framework, under which we design and compare various loss function configurations tailored for the class discriminative universal attack. The proposed approach has been evaluated with extensive experiments on various benchmark datasets. Additionally, our proposed approach achieves state-of-the-art performance for the original task of UAP attacking all classes, which demonstrates the effectiveness of our approach.

show abstract

“…• targeted attack -the adversary changes the output classification of input to the desired one; • untargeted attack -the adversary leads to misclassification of input. In [8], the classification of attacks based on what is known about the neural network is provided. In white-box attacks, parameters of the model, as well as its structure and training procedure, are known.…”

Section: A the Concept Of Adversarial Attacksmentioning

confidence: 99%

On Adversarial Patches: Real-World Attack on ArcFace-100 Face Recognition System

Pautov¹,

Melnikov²,

Kaziakhmedov³

et al. 2019

2019 International Multi-Conference on Engineering, Computer and Information Sciences (SIBIRCON)

View full text Add to dashboard Cite

Recent works showed the vulnerability of image classifiers to adversarial attacks in the digital domain. However, the majority of attacks involve adding small perturbation to an image to fool the classifier. Unfortunately, such procedures can not be used to conduct a real-world attack, where adding an adversarial attribute to the photo is a more practical approach.In this paper, we study the problem of real-world attacks on face recognition systems. We examine security of one of the best public face recognition systems, LResNet100E-IR with ArcFace loss, and propose a simple method to attack it in the physical world. The method suggests creating an adversarial patch that can be printed, added as a face attribute and photographed; the photo of a person with such attribute is then passed to the classifier such that the classifier's recognized class changes from correct to the desired one. Proposed generating procedure allows projecting adversarial patches not only on different areas of the face, such as nose or forehead but also on some wearable accessory, such as eyeglasses.

show abstract

Review of Artificial Intelligence Adversarial Attack and Defense Technologies

Cited by 284 publications

References 50 publications

Improving public services using artificial intelligence: possibilities, pitfalls, governance

Improving public services using artificial intelligence: possibilities, pitfalls, governance

CD-UAP: Class Discriminative Universal Adversarial Perturbation

On Adversarial Patches: Real-World Attack on ArcFace-100 Face Recognition System

Contact Info

Product

Resources

About