Nicolas Papernot

Publications
Influence

The Limitations of Deep Learning in Adversarial Settings

Nicolas Papernot, P. McDaniel, S. Jha, Matt Fredrikson, Z. Y. Celik, A. Swami
Computer Science, Mathematics
IEEE European Symposium on Security and Privacy…
24 November 2015

We formalize the space of adversaries against deep neural networks (DNN) and introduce a novel class of algorithms to craft adversarial samples based on a precise understanding of the mapping between inputs and outputs of DNNs. Expand

2,005
291
PDF

Ensemble Adversarial Training: Attacks and Defenses

Florian Tramèr, Alexey Kurakin, Nicolas Papernot, D. Boneh, P. McDaniel
Computer Science, Mathematics
ICLR
19 May 2017

Adversarial training remains vulnerable to black-box attacks, where we transfer perturbations computed on undefended models, as well as to a powerful novel single-step attack that escapes the non-smooth vicinity of the input data via a small random step. Expand

1,210
183
PDF

Practical Black-Box Attacks against Machine Learning

Nicolas Papernot, P. McDaniel, I. Goodfellow, S. Jha, Z. Y. Celik, A. Swami
Computer Science
AsiaCCS
8 February 2016

We demonstrate that black-box attacks against DNN classifiers are practical for real-world adversaries with no such knowledge. Expand

1,667
151
PDF

Distillation as a Defense to Adversarial Perturbations Against Deep Neural Networks

Nicolas Papernot, P. McDaniel, Xi Wu, S. Jha, A. Swami
Computer Science, Mathematics
IEEE Symposium on Security and Privacy (SP)
14 November 2015

We introduce a defensive mechanism called defensive distillation to reduce the effectiveness of adversarial samples on DNNs. Expand

1,649
145
PDF

MixMatch: A Holistic Approach to Semi-Supervised Learning

David Berthelot, Nicholas Carlini, I. Goodfellow, Nicolas Papernot, A. Oliver, Colin Raffel
Computer Science, Mathematics
NeurIPS
6 May 2019

We unify the current dominant approaches for semi-supervised learning to produce a new algorithm, MixMatch, that works by guessing low-entropy labels for data-augmented unlabeled examples and mixing data using MixUp. Expand

Transferability in Machine Learning: from Phenomena to Black-Box Attacks using Adversarial Samples

Nicolas Papernot, P. McDaniel, I. Goodfellow
Computer Science
ArXiv
24 May 2016

We introduce new transferability attacks between previously unexplored (substitute, victim) pairs of machine learning model classes, most notably SVMs and decision trees. Expand

Semi-supervised Knowledge Transfer for Deep Learning from Private Training Data

Nicolas Papernot, Martín Abadi, Ú. Erlingsson, I. Goodfellow, Kunal Talwar
Computer Science, Mathematics
ICLR
18 October 2016

This paper shows how this strategy’s privacy guarantees apply to any model, including non-convex models like DNNs. Expand

Practical Black-Box Attacks against Deep Learning Systems using Adversarial Examples

Nicolas Papernot, P. McDaniel, I. Goodfellow, S. Jha, Z. Y. Celik, A. Swami
Computer Science
ArXiv
8 February 2016

We introduce the first practical demonstration that this cross-model transfer phenomenon enables attackers to control a remotely hosted DNN with no access to the model, its parameters, or its training data. Expand

Adversarial Examples for Malware Detection

Kathrin Grosse, Nicolas Papernot, P. Manoharan, M. Backes, P. McDaniel
Computer Science
ESORICS
11 September 2017

We show that android malware detection that uses neural networks, with performance comparable to the state-of-the-art, is easy to deceive with adversarial examples. Expand

Adversarial Attacks on Neural Network Policies

Sandy H. Huang, Nicolas Papernot, I. Goodfellow, Yan Duan, P. Abbeel
Computer Science, Mathematics
ICLR
8 February 2017

We show adversarial example crafting techniques can be used to significantly degrade test-time performance of neural network policies in reinforcement learning. Expand

Recommended Authors