Corpus ID: 58006571

The Limitations of Adversarial Training and the Blind-Spot Attack

@article{Zhang2019TheLO,
  title={The Limitations of Adversarial Training and the Blind-Spot Attack},
  author={Huan Zhang and Hongge Chen and Zhao Song and D. Boning and I. Dhillon and Cho-Jui Hsieh},
  journal={ArXiv},
  year={2019},
  volume={abs/1901.04684}
}
The adversarial training procedure proposed by Madry et al. (2018) is one of the most effective methods to defend against adversarial examples in deep neural networks (DNNs). In our paper, we shed some light on the practicality and the hardness of adversarial training by showing that the effectiveness (robustness on test set) of adversarial training has a strong correlation with the distance between a test point and the manifold of training data embedded by the network. Test examples that are…
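The abstract's central claim, that robustness correlates with a test point's distance to the embedded training manifold, can be made concrete with a simple nearest-neighbor distance in embedding space. The following is a minimal sketch, assuming NumPy arrays of network embeddings; the function name and the choice of mean k-NN distance are illustrative stand-ins, not the paper's exact metric.

```python
import numpy as np

def knn_embedding_distance(test_emb, train_embs, k=5):
    # Mean Euclidean distance from one test embedding (shape [d]) to its
    # k nearest training embeddings (shape [n, d]) -- a simple proxy for
    # the distance between a test point and the training-data manifold.
    dists = np.linalg.norm(train_embs - test_emb, axis=1)
    return np.sort(dists)[:k].mean()
```

Under the paper's hypothesis, test points with a large score of this kind are the "blind spots" where adversarially trained models remain vulnerable.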
Citations

Benchmarking Adversarial Robustness on Image Classification
  • Yinpeng Dong, Qi-An Fu, +4 authors Jun Zhu
  • Computer Science
  • 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)
  • 2020
TLDR: A comprehensive, rigorous, and coherent benchmark to evaluate adversarial robustness on image classification tasks is established and several important findings are drawn that can provide insights for future research.
Local Competition and Uncertainty for Adversarial Robustness in Deep Learning
TLDR: This work argues that novel local winner-takes-all (LWTA) nonlinearities, combined with posterior sampling schemes, can greatly improve the adversarial robustness of traditional deep networks against difficult adversarial attack schemes.
Attack Agnostic Adversarial Defense via Visual Imperceptible Bound
TLDR: This research aims to design a defense model that is robust against both seen and unseen adversarial attacks within a certain bound related to the visual appearance of an image, termed the Visual Imperceptible Bound (VIB).
Threat of Adversarial Attacks on Deep Learning in Computer Vision: Survey II
TLDR: A literature review complementing the first survey, which covered the computer vision community's contributions to adversarial attacks on deep learning up to 2018; this second installment focuses on the advances in this area since 2018.
Advances in adversarial attacks and defenses in computer vision: A survey
Deep Learning (DL) is the most widely used tool in the contemporary field of computer vision. Its ability to accurately solve complex problems is employed in vision research to learn deep neural…
Explore the Transformation Space for Adversarial Images
TLDR: This paper focuses on adversarial images generated by transformations, proposing two gradient-based attacks that use the similarity between transformations and the Structural Similarity Index to show that adversarial examples exist beyond \(L^p\)-norm balls, and discussing the implications for attacks and defenses.
Deep Repulsive Prototypes for Adversarial Robustness
TLDR: This paper proposes to train models on output spaces with large class separation in order to gain robustness without adversarial training, and introduces a method to partition the output space into class prototypes with large separation and train models to preserve it.
Cognitive data augmentation for adversarial defense via pixel masking
TLDR: The proposed PixelMask-based data augmentation approach improves classification performance on adversarially perturbed images and can be combined with any deep neural network (DNN) architecture to increase robustness.
Adversarial Visual Robustness by Causal Intervention
TLDR: This paper provides a causal viewpoint of adversarial vulnerability: the cause is the confounder ubiquitously existing in learning, whose confounding effect attackers precisely exploit; it proposes to use an instrumental variable that achieves intervention without the need for confounder observation.
Toward Adversarial Robustness by Diversity in an Ensemble of Specialized Deep Neural Networks
TLDR: It is shown that the success rate of white-box attacks against the proposed ensemble of diverse specialized CNNs is remarkably decreased compared to a vanilla CNN and an ensemble of vanilla CNNs, highlighting the beneficial role of diversity in the ensemble for developing more robust models.

References

Showing 1-10 of 50 references
Towards Deep Learning Models Resistant to Adversarial Attacks
TLDR: This work studies the adversarial robustness of neural networks through the lens of robust optimization, and suggests the notion of security against a first-order adversary as a natural and broad security guarantee.
Adversarial Machine Learning at Scale
TLDR: This research applies adversarial training to ImageNet, finds that single-step attacks are the best for mounting black-box attacks, and resolves a "label leaking" effect that causes adversarially trained models to perform better on adversarial examples than on clean examples.
Characterizing Adversarial Subspaces Using Local Intrinsic Dimensionality
TLDR: The analysis of the LID characteristic for adversarial regions not only motivates new directions of effective adversarial defense, but also opens up more challenges for developing new attacks to better understand the vulnerabilities of DNNs.
PixelDefend: Leveraging Generative Models to Understand and Defend against Adversarial Examples
Adversarial perturbations of normal images are usually imperceptible to humans, but they can seriously confuse state-of-the-art machine learning models. What makes them so special in the eyes of…
Generating Adversarial Examples with Adversarial Networks
TLDR: AdvGAN is proposed to generate adversarial examples with generative adversarial networks (GANs), which can learn and approximate the distribution of original instances, and achieves a high attack success rate under state-of-the-art defenses compared to other attacks.
Ensemble Adversarial Training: Attacks and Defenses
TLDR: This work finds that adversarial training remains vulnerable to black-box attacks, where perturbations computed on undefended models are transferred, as well as to a powerful novel single-step attack that escapes the non-smooth vicinity of the input data via a small random step.
Defense-GAN: Protecting Classifiers Against Adversarial Attacks Using Generative Models
TLDR: The proposed Defense-GAN, a new framework leveraging the expressive capability of generative models to defend deep neural networks against adversarial perturbations, is empirically shown to be consistently effective against different attack methods and improves on existing defense strategies.
Generative Adversarial Examples
TLDR: Empirical results on the MNIST, SVHN, and CelebA datasets show that generative adversarial examples can easily bypass strong adversarial training and certified defense methods that foil existing adversarial attacks.
Mitigating adversarial effects through randomization
TLDR: This paper proposes to utilize randomization at inference time to mitigate adversarial effects, and uses two randomization operations: random resizing, which resizes the input images to a random size, and random padding, which pads zeros around the input images in a random manner.
Certified Defenses against Adversarial Examples
TLDR: This work proposes a method based on a semidefinite relaxation that outputs a certificate that, for a given network and test input, no attack can force the error to exceed a certain value, providing an adaptive regularizer that encourages robustness against all attacks.