Corpus ID: 52309169

Constructing Unrestricted Adversarial Examples with Generative Models

@inproceedings{Song2018ConstructingUA,
  title={Constructing Unrestricted Adversarial Examples with Generative Models},
  author={Yang Song and Rui Shu and Nate Kushman and Stefano Ermon},
  booktitle={NeurIPS},
  year={2018}
}
Adversarial examples are typically constructed by perturbing an existing data point within a small matrix norm, and current defense methods are focused on guarding against this type of attack. In this paper, we propose unrestricted adversarial examples, a new threat model where the attackers are not restricted to small norm-bounded perturbations. Different from perturbation-based attacks, we propose to synthesize unrestricted adversarial examples entirely from scratch using conditional… 


Generating Unrestricted Adversarial Examples via Three Parameters
TLDR
The proposed adversarial attack generates an unrestricted adversarial example with a limited number of parameters, which preserves the image appearance and improves model robustness against a randomly transformed image.
Synthesizing Unrestricted False Positive Adversarial Objects Using Generative Models
TLDR
This is the first work to study unrestricted false positive adversarial examples for object detection, using off-the-shelf Generative Adversarial Networks (GAN) without requiring any further training or modification.
On The Generation of Unrestricted Adversarial Examples
  • Mehrgan Khoshpasand, A. Ghorbani
  • Computer Science
    2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W)
  • 2020
TLDR
It is demonstrated that even the state-of-the-art MNIST classifiers are vulnerable to the adversarial examples generated with this technique, and it is hoped that new proposed defences use this attack to evaluate the robustness of their models against unrestricted attacks.
EGM: An Efficient Generative Model for Unrestricted Adversarial Examples
TLDR
A novel decoupled two-step efficient generative model (EGM), which contains a conditional reference generator and a conditional adversarial transformer, and a new strategy, augmentation of adversarial labels, to produce dynamic target labels and enhance the exploration ability of EGM.
AT-GAN: AN ADVERSARIAL GENERATIVE MODEL
  • Computer Science
  • 2020
TLDR
AT-GAN (Adversarial Transfer on Generative Adversarial Net) is proposed to train an adversarial generative model that can directly produce adversarial examples; it efficiently generates diverse adversarial examples that are realistic to human perception and yields higher attack success rates against adversarially trained models.
AT-GAN: An Adversarial Generator Model for Non-constrained Adversarial Examples
TLDR
This work proposes a novel attack framework called AT-GAN (Adversarial Transfer on Generative Adversarial Net), which first trains a normal GAN model to learn the distribution of benign data, and then transfers the pre-trained GAN model to estimate the distribution of adversarial examples for the target model.
Latent Adversarial Defence with Boundary-guided Generation
TLDR
The proposed LAD method improves the robustness of a DNN model through adversarial training on generated adversarial examples, which are produced by adding perturbations to latent features along the normal of the decision boundary, itself constructed by an SVM with an attention mechanism.
Generating Realistic Unrestricted Adversarial Inputs using Dual-Objective GAN Training
TLDR
This work introduces a novel algorithm to generate realistic unrestricted adversarial inputs, in the sense that they cannot reliably be distinguished from the training dataset by a human, and finds that human judges are unable to identify which image out of ten was generated by the method about 50 percent of the time.
GAP++: Learning to generate target-conditioned adversarial examples
TLDR
This work proposes a more general-purpose framework which infers target-conditioned perturbations dependent on both input image and target label and achieves superior performance with single target attack models and obtains high fooling rates with small perturbation norms.
The Defense of Adversarial Example with Conditional Generative Adversarial Networks
TLDR
An image-to-image translation model to defend against adversarial examples based on a conditional generative adversarial network which consists of a generator and a discriminator and can map the adversarial images to the clean images, which are then fed to the target deep learning model.

References

Showing 1-10 of 55 references
Generating Adversarial Examples with Adversarial Networks
TLDR
Adversarial examples generated by AdvGAN on different target models have a high attack success rate under state-of-the-art defenses compared to other attacks, and placed first with 92.76% accuracy on a public MNIST black-box attack challenge.
Generating Natural Adversarial Examples
TLDR
This paper proposes a framework to generate natural and legible adversarial examples that lie on the data manifold, by searching in semantic space of dense and continuous data representation, utilizing the recent advances in generative adversarial networks.
Defense-GAN: Protecting Classifiers Against Adversarial Attacks Using Generative Models
TLDR
The proposed Defense-GAN, a new framework leveraging the expressive capability of generative models to defend deep neural networks against adversarial perturbations, is empirically shown to be consistently effective against different attack methods and improves on existing defense strategies.
Adversarial Transformation Networks: Learning to Generate Adversarial Examples
TLDR
This work efficiently trains feed-forward neural networks in a self-supervised manner to generate adversarial examples against a target network or set of networks, and calls such a network an Adversarial Transformation Network (ATN).
Adversarial Machine Learning at Scale
TLDR
This research applies adversarial training to ImageNet, finds that single-step attacks are the best for mounting black-box attacks, and resolves a "label leaking" effect that causes adversarially trained models to perform better on adversarial examples than on clean examples.
Semantic Adversarial Examples
TLDR
This paper introduces a new class of adversarial examples, namely "Semantic Adversarial Examples," as images that are arbitrarily perturbed to fool the model, but in such a way that the modified image semantically represents the same object as the original image.
Provable defenses against adversarial examples via the convex outer adversarial polytope
TLDR
A method to learn deep ReLU-based classifiers that are provably robust against norm-bounded adversarial perturbations, and it is shown that the dual problem to this linear program can be represented itself as a deep network similar to the backpropagation network, leading to very efficient optimization approaches that produce guaranteed bounds on the robust loss.
Towards Deep Learning Models Resistant to Adversarial Attacks
TLDR
This work studies the adversarial robustness of neural networks through the lens of robust optimization, and suggests the notion of security against a first-order adversary as a natural and broad security guarantee.
Delving into Transferable Adversarial Examples and Black-box Attacks
TLDR
This work is the first to conduct an extensive study of transferability over large models and a large-scale dataset, and it is also the first to study the transferability of targeted adversarial examples with their target labels.
Generative Adversarial Trainer: Defense to Adversarial Perturbations with GAN
TLDR
This work proposes a novel technique to make neural networks robust to adversarial examples using a generative adversarial network, and applies this method to supervised learning on CIFAR datasets; it is the first method that uses a GAN to improve supervised learning.