Skip to search formSkip to main contentSkip to account menu

Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning

This work considers a new type of attacks, called backdoor attacks, where the attacker's goal is to create a backdoor into a learning-based authentication system, so that he can easily circumvent the system by leveraging the backdoor.
View PDF on arXiv (opens in a new tab)

Robust Physical-World Attacks on Deep Learning Visual Classification

This work proposes a general attack algorithm, Robust Physical Perturbations (RP2), to generate robust visual adversarial perturbations under different physical conditions and shows that adversarial examples generated using RP2 achieve high targeted misclassification rates against standard-architecture road sign classifiers in the physical world under various environmental conditions, including viewpoints.
View on IEEE (opens in a new tab)

Towards Stable and Efficient Training of Verifiably Robust Neural Networks

CROWN-IBP is computationally efficient and consistently outperforms IBP baselines on training verifiably robust neural networks, and outperform all previous linear relaxation and bound propagation based certified defenses in $\ell_\infty$ robustness.
View PDF on arXiv (opens in a new tab)

Generating Adversarial Examples with Adversarial Networks

Adversarial examples generated by AdvGAN on different target models have high attack success rate under state-of-the-art defenses compared to other attacks, and have placed the first with 92.76% accuracy on a public MNIST black-box attack challenge.
View PDF on arXiv (opens in a new tab)

Spatially Transformed Adversarial Examples

Perturbations generated through spatial transformation could result in large $\mathcal{L}_p$ distance measures, but the extensive experiments show that such spatially transformed adversarial examples are perceptually realistic and more difficult to defend against with existing defense systems.
View PDF on arXiv (opens in a new tab)

Neural Attention Distillation: Erasing Backdoor Triggers from Deep Neural Networks

This paper proposes a novel defense framework Neural Attention Distillation (NAD), which utilizes a teacher network to guide the finetuning of the backdoored student network on a small clean subset of data such that the intermediate-layer attention of the student network aligns with that of the teacher network.
View PDF on arXiv (opens in a new tab)

Physical Adversarial Examples for Object Detectors

This work improves upon a previous physical attack on image classifiers, and creates perturbed physical objects that are either ignored or mislabeled by object detection models, and implements a Disappearance Attack, which causes a Stop sign to "disappear" according to the detector.
View PDF on arXiv (opens in a new tab)

Characterizing Audio Adversarial Examples Using Temporal Dependency

The results reveal the importance of using the temporal dependency in audio data to gain discriminate power against adversarial examples and offer novel insights in exploiting domain-specific data properties to mitigate negative effects of adversarialExamples.
View PDF on arXiv (opens in a new tab)

Robust Physical-World Attacks on Deep Learning Models

This work proposes a general attack algorithm,Robust Physical Perturbations (RP2), to generate robust visual adversarial perturbations under different physical conditions and shows that adversarial examples generated using RP2 achieve high targeted misclassification rates against standard-architecture road sign classifiers in the physical world under various environmental conditions, including viewpoints.
View PDF on arXiv (opens in a new tab)

Robust Physical-World Attacks on Machine Learning Models

This paper proposes a new attack algorithm--Robust Physical Perturbations (RP2)-- that generates perturbations by taking images under different conditions into account and can create spatially-constrained perturbation that mimic vandalism or art to reduce the likelihood of detection by a casual observer.
By clicking accept or continuing to use the site, you agree to the terms outlined in our Privacy Policy (opens in a new tab), Terms of Service (opens in a new tab), and Dataset License (opens in a new tab)