Corpus ID: 37082741

Analysis of universal adversarial perturbations

@article{MoosaviDezfooli2017AnalysisOU,
  title={Analysis of universal adversarial perturbations},
  author={Seyed-Mohsen Moosavi-Dezfooli and Alhussein Fawzi and Omar Fawzi and Pascal Frossard and Stefano Soatto},
  journal={ArXiv},
  year={2017},
  volume={abs/1705.09554}
}
Deep networks have recently been shown to be vulnerable to universal perturbations: there exist very small image-agnostic perturbations that cause most natural images to be misclassified by such classifiers. In this paper, we propose the first quantitative analysis of the robustness of classifiers to universal perturbations, and draw a formal link between the robustness to universal perturbations, and the geometry of the decision boundary. Specifically, we establish theoretical bounds on the…
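The quantity being bounded here, a classifier's robustness to a universal perturbation, can be probed empirically as the fooling rate of a fixed perturbation v over a dataset. A minimal sketch, assuming a PyTorch classifier model, a data loader loader, and a perturbation tensor v (all hypothetical names):

```python
import torch

def fooling_rate(model, loader, v, device="cpu"):
    """Fraction of inputs whose predicted label changes when the fixed
    (image-agnostic) perturbation v is added -- the quantity that
    'robustness to universal perturbations' refers to in this literature."""
    model.eval()
    flipped, total = 0, 0
    with torch.no_grad():
        for x, _ in loader:
            x = x.to(device)
            clean_pred = model(x).argmax(dim=1)
            pert_pred = model((x + v.to(device)).clamp(0, 1)).argmax(dim=1)
            flipped += (clean_pred != pert_pred).sum().item()
            total += x.size(0)
    return flipped / total
```

A small-norm perturbation with a high fooling rate is what "universal" means throughout the works listed below.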
The Robustness of Deep Networks: A Geometrical Perspective
TLDR
The goal of this article is to discuss the robustness of deep networks to a diverse set of perturbations that may affect the samples in practice, including adversarial perturbations, random noise, and geometric transformations.
A geometric perspective on the robustness of deep networks
Deep neural networks have recently shown impressive classification performance on a diverse set of visual tasks. When deployed in real-world (noise-prone) environments, it is equally important that…
Fast Universal Adversarial Perturbation
  • Bingxuan Wang, Jian Qi
  • Computer Science
  • 2019 2nd International Conference on Information Systems and Computer Aided Education (ICISCAE)
  • 2019
TLDR
A fast UAP method is proposed that significantly improves the efficiency of the original UAP algorithm: it generates a universal perturbation in mini-batches with respect to a given deep classifier, based on multiDeepFool, a newly proposed method that computes adversarial examples for a batch of inputs.
Universal Adversarial Training
TLDR
This work proposes universal adversarial training, which models the problem of robust classifier generation as a two-player min-max game, and produces robust models with only 2X the cost of natural training.
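The two-player min-max game described above can be sketched concretely: a single perturbation shared across the whole training set is updated by gradient ascent on the loss, while the network weights are updated by descent on the perturbed batches. A schematic sketch, not the authors' exact procedure, assuming a hypothetical PyTorch model, loader, and optimizer:

```python
import torch
import torch.nn.functional as F

def universal_adv_train_sketch(model, loader, opt, eps=10/255, v_lr=1/255,
                               epochs=5, device="cpu"):
    """Min-max sketch: the inner player ascends the loss by updating a single
    universal perturbation v; the outer player descends the loss on the
    perturbed inputs by updating the model weights."""
    x0, _ = next(iter(loader))
    v = torch.zeros_like(x0[0], device=device)        # one perturbation for all images
    for _ in range(epochs):
        for x, y in loader:
            x, y = x.to(device), y.to(device)
            # inner maximization: signed-gradient ascent on v
            v_var = v.detach().clone().requires_grad_(True)
            loss = F.cross_entropy(model((x + v_var).clamp(0, 1)), y)
            grad_v, = torch.autograd.grad(loss, v_var)
            v = (v + v_lr * grad_v.sign()).clamp(-eps, eps)   # project onto l_inf ball
            # outer minimization: ordinary optimizer step on the perturbed batch
            opt.zero_grad()
            F.cross_entropy(model((x + v).clamp(0, 1)), y).backward()
            opt.step()
    return model, v
```

Sharing one perturbation across all batches is what keeps the overhead near the stated 2X of natural training.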
A Method for Computing Class-wise Universal Adversarial Perturbations
TLDR
An algorithm is presented for computing class-specific universal adversarial perturbations for deep neural networks; the perturbation is a linear function of the network's weights and can hence be computed much faster.
Defense Against Universal Adversarial Perturbations
TLDR
A rigorous evaluation shows that the proposed framework, the first dedicated defense against such perturbations, effectively protects network classifiers against unseen adversarial perturbations in real-world scenarios with up to a 97.5% success rate.
Principal Component Adversarial Example
TLDR
This paper proposes a new concept, called the adversarial region, which explains the existence of adversarial examples as perturbations perpendicular to the tangent plane of the data manifold, and proposes a novel target-free method to generate adversarial examples via principal component analysis.
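One way to realize the stated geometric idea, not necessarily the authors' exact algorithm: estimate the data manifold's tangent space with PCA and perturb along the remaining low-variance directions, which are approximately perpendicular to that tangent plane. A rough sketch with hypothetical inputs X (data matrix, one sample per row) and x (one sample):

```python
import numpy as np

def normal_direction_perturbation(X, x, eps=0.1, n_tangent=50):
    """Sketch of 'perturb perpendicular to the data manifold': run PCA on X,
    treat the top n_tangent principal directions as the tangent space, and
    perturb x along the remaining (near-normal) directions, scaled to norm eps.
    Assumes X has more feature dimensions than n_tangent."""
    Xc = X - X.mean(axis=0)
    # principal directions = right singular vectors of the centered data
    _, _, vt = np.linalg.svd(Xc, full_matrices=False)
    normal_dirs = vt[n_tangent:]                   # low-variance directions
    r = normal_dirs.sum(axis=0)
    r = eps * r / (np.linalg.norm(r) + 1e-12)
    return x + r
```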
A Geometric Perspective on the Transferability of Adversarial Directions
TLDR
It is shown that in the context of linear classifiers and two-layer ReLU networks, there provably exist directions that give rise to adversarial perturbations for many classifiers and data points simultaneously, and these "transferable adversarial directions" are guaranteed to exist for linear separators of a given set.
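For linear classifiers the transferable-direction claim can be seen with a one-line calculation; the following note is standard linear algebra given as an illustration, not a result quoted from the paper:

```latex
% Binary linear classifier f(x) = w^T x + b.  The smallest perturbation that
% moves x onto the decision boundary f(x) = 0 is the projection of x onto the
% boundary's normal direction:
\[
  r^{\star}(x) = -\frac{f(x)}{\lVert w \rVert^{2}}\, w,
  \qquad
  \frac{r^{\star}(x)}{\lVert r^{\star}(x) \rVert} = \pm\,\frac{w}{\lVert w \rVert}.
\]
% Every data point is therefore perturbed along the same direction w/||w||:
% one adversarial direction serves all inputs, and classifiers whose weight
% vectors are well aligned share (transfer) that direction.
```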
Universal Adversarial Perturbation for Text Classification
TLDR
This work proposes an algorithm to compute universal adversarial perturbations for text, and shows that state-of-the-art deep neural networks are highly vulnerable to them, even though the perturbations mostly preserve the neighborhoods of the affected tokens.
Understanding Adversarial Examples From the Mutual Influence of Images and Perturbations
TLDR
This work uses the DNN logits as a vector for feature representation, and utilizes this representation to understand adversarial examples by disentangling clean images and adversarial perturbations and analyzing their influence on each other.
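The logits-as-features analysis is easy to reproduce: feed the clean image, the perturbation on its own, and the adversarial image through the network and compare their logit vectors, e.g. by cosine similarity. A minimal sketch with hypothetical model, x, and v tensors:

```python
import torch
import torch.nn.functional as F

def logit_similarities(model, x, v):
    """Compare logit vectors of a clean image x, a perturbation v fed on its own,
    and the adversarial image x + v, using cosine similarity as the measure of
    which component dominates the adversarial logits."""
    model.eval()
    with torch.no_grad():
        z_clean = model(x.unsqueeze(0))                    # logits of the clean image
        z_pert  = model(v.unsqueeze(0))                    # logits of the perturbation alone
        z_adv   = model((x + v).clamp(0, 1).unsqueeze(0))  # logits of the adversarial image
    return {
        "clean_vs_adv": F.cosine_similarity(z_clean, z_adv).item(),
        "pert_vs_adv":  F.cosine_similarity(z_pert,  z_adv).item(),
    }
```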

References

SHOWING 1-10 OF 18 REFERENCES
Universal Adversarial Perturbations
TLDR
The surprising existence of universal perturbations reveals important geometric correlations among the high-dimensional decision boundary of classifiers and outlines potential security breaches with the existence of single directions in the input space that adversaries can possibly exploit to break a classifier on most natural images.
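The construction behind this reference sweeps over data points, and whenever the current universal perturbation fails to fool an image it adds a minimal extra step that pushes that image across the decision boundary, then projects back onto a small norm ball. A compressed sketch in which a signed cross-entropy gradient step stands in for the DeepFool subroutine of the paper; model and images are hypothetical:

```python
import torch
import torch.nn.functional as F

def uap_sketch(model, images, eps=10/255, step=2/255, max_passes=5, device="cpu"):
    """Sketch of the universal-perturbation construction: iterate over individual
    images, and whenever the current v fails to change an image's prediction,
    nudge v so that it does, then project v back onto the l_inf ball of radius eps."""
    model.eval()
    v = torch.zeros_like(images[0], device=device)
    for _ in range(max_passes):
        for x in images:
            x = x.unsqueeze(0).to(device)
            pred = model(x).argmax(dim=1)
            if model((x + v).clamp(0, 1)).argmax(dim=1) != pred:
                continue                                   # already fooled by v
            v_var = v.detach().clone().requires_grad_(True)
            loss = F.cross_entropy(model((x + v_var).clamp(0, 1)), pred)
            grad, = torch.autograd.grad(loss, v_var)
            v = (v + step * grad.sign()).clamp(-eps, eps)  # update and project
    return v
```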
Analysis of classifiers’ robustness to adversarial perturbations
TLDR
A general upper bound on the robustness of classifiers to adversarial perturbations is established, and the phenomenon of adversarial instability is suggested to be due to the low flexibility of classifiers compared to the difficulty of the classification task (captured mathematically by the distinguishability measure).
Robustness of classifiers: from adversarial to random noise
TLDR
This paper proposes the first quantitative analysis of the robustness of nonlinear classifiers in this general noise regime, and establishes precise theoretical bounds on the robustness of classifiers, which depend on the curvature of the classifier's decision boundary.
Exploring the space of adversarial images
  • Pedro Tabacof, E. Valle
  • Computer Science
  • 2016 International Joint Conference on Neural Networks (IJCNN)
  • 2016
TLDR
This work formalizes the problem of adversarial images given a pretrained classifier, showing that even in the linear case the resulting optimization problem is nonconvex, and that a shallow classifier seems more robust to adversarial images than a deep convolutional network.
A Boundary Tilting Persepective on the Phenomenon of Adversarial Examples
TLDR
It is shown that the adversarial strength observed in practice is directly dependent on the level of regularisation used, and that the strongest adversarial examples, symptomatic of overfitting, can be avoided by using a proper level of regularisation.
Explaining and Harnessing Adversarial Examples
TLDR
It is argued that the primary cause of neural networks' vulnerability to adversarial perturbation is their linear nature, supported by new quantitative results while giving the first explanation of the most intriguing fact about them: their generalization across architectures and training sets.
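The method introduced in this reference, the fast gradient sign method (FGSM), follows directly from the linearity argument: take a single step of size eps along the sign of the input gradient of the loss. A minimal sketch assuming a hypothetical PyTorch classifier:

```python
import torch
import torch.nn.functional as F

def fgsm(model, x, y, eps=8/255):
    """Fast gradient sign method: one step of size eps in the direction of the
    sign of the loss gradient with respect to the input batch x (labels y)."""
    x = x.clone().detach().requires_grad_(True)
    loss = F.cross_entropy(model(x), y)
    grad, = torch.autograd.grad(loss, x)
    return (x + eps * grad.sign()).clamp(0, 1).detach()
```

Here eps is the l_inf budget of the attack; larger budgets trade perceptibility for higher misclassification rates.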
Intriguing properties of neural networks
TLDR
It is found that there is no distinction between individual high-level units and random linear combinations of high-level units, according to various methods of unit analysis, and it is suggested that it is the space, rather than the individual units, that contains the semantic information in the high layers of neural networks.
Exponential expressivity in deep neural networks through transient chaos
TLDR
The theoretical analysis of the expressive power of deep networks broadly applies to arbitrary nonlinearities, and provides a quantitative underpinning for previously abstract notions about the geometry of deep functions.
Network In Network
TLDR
With enhanced local modeling via the micro network, the proposed deep network structure NIN is able to utilize global average pooling over feature maps in the classification layer, which is easier to interpret and less prone to overfitting than traditional fully connected layers.
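The micro-network-plus-global-average-pooling design can be sketched as stacked 1x1 convolutions ("mlpconv") followed by one feature map per class that is averaged spatially, in place of fully connected layers. Layer sizes below are illustrative, not the paper's:

```python
import torch.nn as nn

def mlpconv(in_ch, out_ch):
    """One NIN-style 'mlpconv' block: a normal conv followed by 1x1 convs,
    i.e. a small per-pixel MLP over the feature maps."""
    return nn.Sequential(
        nn.Conv2d(in_ch, out_ch, kernel_size=3, padding=1), nn.ReLU(inplace=True),
        nn.Conv2d(out_ch, out_ch, kernel_size=1), nn.ReLU(inplace=True),
        nn.Conv2d(out_ch, out_ch, kernel_size=1), nn.ReLU(inplace=True),
    )

class TinyNIN(nn.Module):
    """Sketch: mlpconv blocks, a final block with one map per class, and
    global average pooling instead of fully connected layers."""
    def __init__(self, num_classes=10):
        super().__init__()
        self.features = nn.Sequential(
            mlpconv(3, 64), nn.MaxPool2d(2),
            mlpconv(64, 128), nn.MaxPool2d(2),
            mlpconv(128, num_classes),            # one feature map per class
        )
        self.pool = nn.AdaptiveAvgPool2d(1)       # global average pooling

    def forward(self, x):
        return self.pool(self.features(x)).flatten(1)   # (B, num_classes) logits
```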
On the Number of Linear Regions of Deep Neural Networks
We study the complexity of functions computable by deep feedforward neural networks with piecewise linear activations in terms of the symmetries and the number of linear regions that they have. Deep…
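The notion of a linear region can be made concrete on a toy case: for a ReLU network, each distinct pattern of active/inactive units defines one region on which the function is affine, and a one-hidden-layer network with n units on a 1-D input has at most n + 1 such regions. A small sketch that counts them empirically, with hypothetical random weights:

```python
import numpy as np

def count_linear_regions_1d(w, b, lo=-3.0, hi=3.0, n_grid=100_000):
    """Count the linear regions of the hidden map x -> ReLU(w*x + b) over
    [lo, hi] by counting distinct activation patterns on a fine grid; with n
    hidden units there are at most n + 1 such regions on a 1-D input."""
    xs = np.linspace(lo, hi, n_grid)[:, None]          # (n_grid, 1) inputs
    active = (xs * w + b) > 0                          # activation pattern per point
    patterns = {tuple(row) for row in active}
    return len(patterns)

rng = np.random.default_rng(0)
n_units = 8
print(count_linear_regions_1d(rng.normal(size=n_units), rng.normal(size=n_units)))
# prints at most n_units + 1 = 9 distinct regions
```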