The LogBarrier Adversarial Attack: Making Effective Use of Decision Boundary Information

Finlay, Chris; Pooladian, Aram-Alexandre; Oberman, Adam M.

doi:10.1109/iccv.2019.00496

Cited by 21 publications

(13 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Adversarial examples are first observed in [27] and subsequently efficient gradient based attacks such as fgsm [12] and pgd [19] are introduced. There exist recent stronger attacks such as [6,9], however, compared to pgd, they are much slower to be used for adversarial training in practice. Some recent works focus on adversarial robustness of bnns [5,10,17,18], however, a strong consensus on the robustness properties of quantized networks is lacking.…”

Section: Related Workmentioning

confidence: 99%

Improved Gradient based Adversarial Attacks for Quantized Networks

Gupta¹,

Ajanthan²

2020

Preprint

View full text Add to dashboard Cite

Neural network quantization has become increasingly popular due to efficient memory consumption and faster computation resulting from bitwise operations on the quantized networks. Even though they exhibit excellent generalization capabilities, their robustness properties are not well-understood. In this work, we systematically study the robustness of quantized networks against gradient based adversarial attacks and demonstrate that these quantized models suffer from gradient vanishing issues and show a fake sense of security. By attributing gradient vanishing to poor forward-backward signal propagation in the trained network, we introduce a simple temperature scaling approach to mitigate this issue while preserving the decision boundary. Despite being a simple modification to existing gradient based adversarial attacks, experiments on CIFAR-10/100 datasets with VGG-16 and ResNet-18 networks demonstrate that our temperature scaled attacks obtain near-perfect success rate on quantized networks while outperforming original attacks on adversarially trained models as well as floating-point networks.

show abstract

Section: Related Workmentioning

confidence: 99%

Improved Gradient based Adversarial Attacks for Quantized Networks

Gupta¹,

Ajanthan²

2020

Preprint

View full text Add to dashboard Cite

show abstract

“…At test time, it is possible to design a specific invisible perturbation such as a targeted network eventually predicts different outputs on original and disturbed input. Computer vision is especially concerned with accuracy of unprotected network dropping close to 0% under state of the art attack [12] but other fields are concerned (e.g. [13] highlights this issue in cyber security context with performance of a malware detector dropping from 87% to 66% on adversarial malwares).…”

Section: A Adversarial Examplesmentioning

confidence: 99%

Symmetric adversarial poisoning against deep learning

Chan-Hon-Tong¹

2020

2020 Tenth International Conference on Image Processing Theory, Tools and Applications (IPTA)

View full text Add to dashboard Cite

Data poisoning is known as the goal of finding small modification of training data which make them not suitable anymore for training the targeted model. Recently, an efficient symmetric poisoning attack targeting frozen deep features plus support vector machine has been found.However, new experiments presented in this paper shows that this attack is not symmetric anymore on unfrozen/real deep networks.Then, several extensions of this attack are considered on CIFAR10/CIFAR100 with both VGG and ResNet backbone leading to a symmetric attack. On VGG/CIFAR10 setting, this extended attack makes performances moving by -60%,+5% from native accuracy using perturbations invisible to human eyes.A discussion on this success and on the failure of the 3 other methods is also presented.

show abstract

“…Classification attacks. In [FPO19] we implemented to the barrier method from constrained optimization [NW06] to perform the classification attack (8.1). While attacks vectors are normally small enough to be invisible, for some images, gradient based attacks are visible.…”

Section: Adversarial Attacksmentioning

confidence: 99%

Partial differential equation regularization for supervised machine learning

Oberman¹

2019

Preprint

View full text Add to dashboard Cite

This article is an overview of supervised machine learning problems for regression and classification. Topics include: kernel methods, training by stochastic gradient descent, deep learning architecture, losses for classification, statistical learning theory, and dimension independent generalization bounds. Implicit regularization in deep learning examples are presented, including data augmentation, adversarial training, and additive noise. These methods are reframed as explicit gradient regularization.

show abstract

The LogBarrier Adversarial Attack: Making Effective Use of Decision Boundary Information

Cited by 21 publications

References 9 publications

Improved Gradient based Adversarial Attacks for Quantized Networks

Improved Gradient based Adversarial Attacks for Quantized Networks

Symmetric adversarial poisoning against deep learning

Partial differential equation regularization for supervised machine learning

Contact Info

Product

Resources

About