Publications
The Limitations of Deep Learning in Adversarial Settings
TLDR
We formalize the space of adversaries against deep neural networks (DNNs) and introduce a novel class of algorithms to craft adversarial samples based on a precise understanding of the mapping between inputs and outputs of DNNs.
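The crafting idea in this TLDR (exploit the input-output mapping directly) can be illustrated with a short sketch: compute the model's input-output Jacobian, build a saliency map from it, and repeatedly perturb the most salient input feature toward a target class. The snippet below is a hypothetical numpy illustration in the spirit of that Jacobian-based saliency approach, using a toy linear-softmax "network" so the Jacobian has a closed form; names such as `saliency_attack` and all hyperparameters are assumptions, not the paper's code.

```python
# Toy saliency-map-style crafting on a linear-softmax model (illustrative only).
import numpy as np

rng = np.random.default_rng(0)
W = rng.normal(size=(10, 3))       # toy "network": logits = W.T @ x (10 features, 3 classes)

def softmax(z):
    e = np.exp(z - z.max())
    return e / e.sum()

def jacobian(x):
    # J[c, i] = d softmax_c(W.T x) / d x_i for the toy model
    p = softmax(W.T @ x)
    dp_dz = np.diag(p) - np.outer(p, p)   # softmax Jacobian w.r.t. logits
    return dp_dz @ W.T                    # chain rule with d logits / d x = W.T

def saliency_attack(x, target, max_changes=5, step=0.5):
    x = x.copy()
    for _ in range(max_changes):
        J = jacobian(x)
        target_grad = J[target]
        other_grad = J.sum(axis=0) - target_grad
        # salient features increase the target class while decreasing the rest
        saliency = np.where((target_grad > 0) & (other_grad < 0),
                            target_grad * np.abs(other_grad), 0.0)
        if saliency.max() == 0:
            break
        x[saliency.argmax()] += step      # perturb the most salient feature
        if softmax(W.T @ x).argmax() == target:
            break
    return x

x0 = rng.normal(size=10)
x_adv = saliency_attack(x0, target=2)
print(softmax(W.T @ x0).argmax(), "->", softmax(W.T @ x_adv).argmax())
```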
Ensemble Adversarial Training: Attacks and Defenses
TLDR
Adversarial training remains vulnerable to black-box attacks, where we transfer perturbations computed on undefended models, as well as to a powerful novel single-step attack that escapes the non-smooth vicinity of the input data via a small random step.
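The "small random step" attack mentioned in the TLDR can be sketched in a few lines: take a random sign step away from the input to escape the locally non-smooth loss surface, then spend the remaining perturbation budget on a single gradient-sign step. The numpy version below is a hypothetical illustration with a linear-softmax model standing in for a trained network; `r_fgsm`, `eps`, and `alpha` are assumed names and values, not the paper's implementation.

```python
# Toy single-step attack: random step followed by a gradient-sign step.
import numpy as np

rng = np.random.default_rng(0)
W = rng.normal(size=(10, 3))                 # toy model: logits = W.T @ x

def softmax(z):
    e = np.exp(z - z.max())
    return e / e.sum()

def loss_grad(x, y):
    # gradient of the cross-entropy loss w.r.t. the input for the toy model
    p = softmax(W.T @ x)
    p[y] -= 1.0
    return W @ p

def r_fgsm(x, y, eps=0.3, alpha=0.15):
    # 1) small random sign step to leave the non-smooth vicinity of x
    x_rand = x + alpha * np.sign(rng.normal(size=x.shape))
    # 2) one gradient-sign step with the remaining budget
    return x_rand + (eps - alpha) * np.sign(loss_grad(x_rand, y))

x0, y0 = rng.normal(size=10), 1
x_adv = r_fgsm(x0, y0)
print("clean:", softmax(W.T @ x0).argmax(), "adv:", softmax(W.T @ x_adv).argmax())
```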
Practical Black-Box Attacks against Machine Learning
TLDR
We demonstrate that black-box attacks against DNN classifiers are practical for real-world adversaries with no knowledge of the target model's architecture, parameters, or training data.
Distillation as a Defense to Adversarial Perturbations Against Deep Neural Networks
TLDR
We introduce a defensive mechanism called defensive distillation to reduce the effectiveness of adversarial samples on DNNs.
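The defensive distillation recipe can be summarized as: train a teacher with a softened softmax at temperature T, relabel the training data with the teacher's soft probabilities, and train the deployed model on those soft labels at the same temperature. The sketch below is a hypothetical numpy illustration with a simple softmax-regression model standing in for the DNNs; the data, function names, and hyperparameters are assumptions made for the example.

```python
# Toy defensive-distillation pipeline: teacher at temperature T, student on soft labels.
import numpy as np

rng = np.random.default_rng(0)
X = rng.normal(size=(200, 10))
y = rng.integers(0, 3, size=200)
T = 20.0                                         # distillation temperature

def softmax(Z, T=1.0):
    Z = Z / T
    Z -= Z.max(axis=1, keepdims=True)
    E = np.exp(Z)
    return E / E.sum(axis=1, keepdims=True)

def train(X, targets, T, steps=500, lr=0.1):
    # softmax regression trained on (soft or hard) probability targets
    W = np.zeros((X.shape[1], targets.shape[1]))
    for _ in range(steps):
        P = softmax(X @ W, T)
        # cross-entropy gradient (the 1/T factor is folded into the learning rate)
        W -= lr * X.T @ (P - targets) / len(X)
    return W

hard_labels = np.eye(3)[y]
teacher = train(X, hard_labels, T)               # step 1: teacher at temperature T
soft_labels = softmax(X @ teacher, T)            # step 2: teacher's soft labels
student = train(X, soft_labels, T)               # step 3: distilled model at T
# At test time the distilled model is evaluated at T = 1, which flattens its
# input-output gradients and, per the paper, reduces adversarial effectiveness.
print(softmax(X @ student, 1.0).argmax(axis=1)[:10])
```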
MixMatch: A Holistic Approach to Semi-Supervised Learning
TLDR
We unify the current dominant approaches for semi-supervised learning to produce a new algorithm, MixMatch, that works by guessing low-entropy labels for data-augmented unlabeled examples and mixing labeled and unlabeled data using MixUp.
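The two ingredients named in the TLDR can be sketched directly: guess low-entropy labels for unlabeled examples by averaging predictions over augmentations and sharpening the result, then combine labeled and unlabeled examples with MixUp. The numpy snippet below is a hypothetical skeleton; `toy_model` and `augment` are stand-ins for a real classifier and a real augmentation, and all constants are illustrative.

```python
# Toy label-guessing + sharpening + MixUp skeleton.
import numpy as np

rng = np.random.default_rng(0)

def toy_model(x):
    # stand-in classifier: softmax over the first three input dimensions
    z = x[:, :3]
    e = np.exp(z - z.max(axis=1, keepdims=True))
    return e / e.sum(axis=1, keepdims=True)

def augment(x):
    # stand-in augmentation: small Gaussian jitter
    return x + 0.1 * rng.normal(size=x.shape)

def sharpen(p, T=0.5):
    # lower the entropy of a guessed label distribution
    p = p ** (1.0 / T)
    return p / p.sum(axis=-1, keepdims=True)

def guess_labels(model, x_unlabeled, K=2):
    # average predictions over K augmentations, then sharpen
    preds = np.mean([model(augment(x_unlabeled)) for _ in range(K)], axis=0)
    return sharpen(preds)

def mixup(x1, y1, x2, y2, alpha=0.75):
    lam = rng.beta(alpha, alpha)
    lam = max(lam, 1.0 - lam)        # keep the mixed example closer to x1
    return lam * x1 + (1 - lam) * x2, lam * y1 + (1 - lam) * y2

x_labeled = rng.normal(size=(4, 5))
y_labeled = np.eye(3)[rng.integers(0, 3, size=4)]
x_unlabeled = rng.normal(size=(4, 5))

q_guessed = guess_labels(toy_model, x_unlabeled)   # guessed soft labels
x_mix, y_mix = mixup(x_labeled, y_labeled, x_unlabeled, q_guessed)
print(y_mix.round(2))
```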
Transferability in Machine Learning: from Phenomena to Black-Box Attacks using Adversarial Samples
TLDR
We introduce new transferability attacks between previously unexplored (substitute, victim) pairs of machine learning model classes, most notably SVMs and decision trees.
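The cross-class transfer setting in the TLDR can be sketched with scikit-learn: craft perturbations against a substitute of one model class and check whether a victim of a different class misclassifies them. The snippet below is a hypothetical illustration using a linear SVM substitute and a decision-tree victim on synthetic data; the perturbation rule and budget are my own simplifications, not the paper's attack.

```python
# Toy transferability check: perturbations crafted on a linear SVM, evaluated on a tree.
import numpy as np
from sklearn.datasets import make_classification
from sklearn.svm import LinearSVC
from sklearn.tree import DecisionTreeClassifier

X, y = make_classification(n_samples=500, n_features=20, random_state=0)
substitute = LinearSVC(dual=False).fit(X, y)               # attacker-trained substitute
victim = DecisionTreeClassifier(random_state=0).fit(X, y)  # victim of a different class

# For a linear substitute, the adversarial direction is simply the sign of w,
# flipped according to which side of the decision boundary each point lies on.
w = substitute.coef_[0]
eps = 0.5
X_adv = X - eps * np.sign(w) * np.sign(substitute.decision_function(X))[:, None]

fooled = (victim.predict(X_adv) != y).mean()
print(f"victim error on substitute-crafted examples: {fooled:.2f}")
```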
Semi-supervised Knowledge Transfer for Deep Learning from Private Training Data
TLDR
We show that the privacy guarantees of this teacher-student knowledge transfer strategy apply to any model, including non-convex models like DNNs.
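The knowledge-transfer strategy behind this result trains an ensemble of "teachers" on disjoint partitions of the private data and lets their noisy aggregated votes label data for a "student" model. The numpy sketch below illustrates only that aggregation step, with assumed names and noise parameters; the paper's differential-privacy analysis, which is its main contribution, is not reproduced here.

```python
# Toy noisy vote aggregation: Laplace noise on teacher vote counts.
import numpy as np

rng = np.random.default_rng(0)
n_teachers, n_classes = 50, 3

def noisy_aggregate(teacher_votes, gamma=0.1):
    # teacher_votes: one predicted label per teacher for a single query
    counts = np.bincount(teacher_votes, minlength=n_classes).astype(float)
    counts += rng.laplace(scale=1.0 / gamma, size=n_classes)   # privacy noise
    return int(counts.argmax())           # only the noisy winner is released

# toy votes: most teachers agree on class 2
votes = rng.choice(n_classes, size=n_teachers, p=[0.1, 0.15, 0.75])
print("noisy aggregated label for the student:", noisy_aggregate(votes))
```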
Practical Black-Box Attacks against Deep Learning Systems using Adversarial Examples
TLDR
We introduce the first practical demonstration that this cross-model transfer phenomenon enables attackers to control a remotely hosted DNN with no access to the model, its parameters, or its training data.
Adversarial Examples for Malware Detection
TLDR
We show that Android malware detectors built on neural networks, with performance comparable to the state of the art, are easily deceived by adversarial examples.
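In the malware setting, inputs are binary feature vectors and perturbations typically only add features (0 to 1 flips) so the application keeps functioning. The snippet below is a hypothetical numpy sketch of that constraint: greedily add the feature whose gradient most decreases the "malware" score. The detector here is a toy logistic model, not the paper's DNN, and the names and thresholds are assumptions.

```python
# Toy evasion under an "add features only" constraint.
import numpy as np

rng = np.random.default_rng(0)
w, b = rng.normal(size=50), -1.0                 # toy detector: sigmoid(w.x + b)

def malware_score(x):
    return 1.0 / (1.0 + np.exp(-(w @ x + b)))

def evade(x, max_additions=10):
    x = x.copy()
    for _ in range(max_additions):
        if malware_score(x) < 0.5:               # already classified as benign
            break
        # the score gradient w.r.t. x is proportional to w; among features that
        # are still 0, add the one that pushes the score down the most
        candidates = np.where((x == 0) & (w < 0))[0]
        if len(candidates) == 0:
            break
        x[candidates[w[candidates].argmin()]] = 1
    return x

x_malware = (rng.random(50) < 0.3).astype(float)
x_adv = evade(x_malware)
print(f"malware score: {malware_score(x_malware):.2f} -> {malware_score(x_adv):.2f}")
```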
Adversarial Attacks on Neural Network Policies
TLDR
We show that adversarial example crafting techniques can significantly degrade the test-time performance of neural network policies in reinforcement learning.
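The core idea in this setting is to perturb the policy's observation, not its parameters, with a small gradient-sign step so the policy becomes less likely to take the action it would otherwise choose. The numpy sketch below is a hypothetical illustration with a toy linear-softmax policy; `attack_observation` and the step size are assumed names and values, not the paper's method.

```python
# Toy observation attack on a softmax policy.
import numpy as np

rng = np.random.default_rng(0)
W = rng.normal(size=(8, 4))                      # toy policy: pi(a|s) = softmax(W.T s)

def policy(s):
    z = W.T @ s
    e = np.exp(z - z.max())
    return e / e.sum()

def attack_observation(s, eps=0.1):
    pi = policy(s)
    a = pi.argmax()                              # action the clean policy would take
    # gradient of log pi(a|s) w.r.t. s for the toy policy
    grad = W[:, a] - W @ pi
    return s - eps * np.sign(grad)               # step that lowers pi(a|s)

s = rng.normal(size=8)
s_adv = attack_observation(s)
print("clean action:", policy(s).argmax(), "perturbed action:", policy(s_adv).argmax())
```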