A General Framework for Adversarial Examples with Objectives-Reference-Cited by-同舟云学术

A General Framework for Adversarial Examples with Objectives

Published:2019-07-19 Issue:3 Volume:22 Page:1-30
ISSN:2471-2566
Container-title:ACM Transactions on Privacy and Security
language:en
Short-container-title:ACM Trans. Priv. Secur.

Author:

Sharif Mahmood¹,Bhagavatula Sruti¹,Bauer Lujo¹,Reiter Michael K.²

Affiliation:

1. Carnegie Mellon University, Pittsburgh, PA, USA

2. University of North Carolina at Chapel Hill, North Carolina, USA

Abstract

Images perturbed subtly to be misclassified by neural networks, called adversarial examples , have emerged as a technically deep challenge and an important concern for several application domains. Most research on adversarial examples takes as its only constraint that the perturbed images are similar to the originals. However, real-world application of these ideas often requires the examples to satisfy additional objectives, which are typically enforced through custom modifications of the perturbation process. In this article, we propose adversarial generative nets (AGNs), a general methodology to train a generator neural network to emit adversarial examples satisfying desired objectives. We demonstrate the ability of AGNs to accommodate a wide range of objectives, including imprecise ones difficult to model, in two application domains. In particular, we demonstrate physical adversarial examples—eyeglass frames designed to fool face recognition—with better robustness, inconspicuousness, and scalability than previous approaches, as well as a new attack to fool a handwritten-digit classifier.

Funder

NSF

Google and Nvidia, and from Lockheed Martin and NATO through Carnegie Mellon CyLab

CyLab Presidential Fellowship and a Symantec Research Labs Fellowship

National Security Agency

Multidisciplinary University Research Initiative (MURI) Cyber Deception

Publisher

Association for Computing Machinery (ACM)

Subject

Safety, Risk, Reliability and Quality,General Computer Science

Link

https://dl.acm.org/doi/pdf/10.1145/3317611

Reference79 articles.

1. Anish Athalye and Nicholas Carlini. 2018. On the robustness of the CVPR 2018 white-box adversarial example defenses. arXiv:1804.03286 (2018). Anish Athalye and Nicholas Carlini. 2018. On the robustness of the CVPR 2018 white-box adversarial example defenses. arXiv:1804.03286 (2018).

2. Autodesk. {n.d.}. Measuring light levels. Retrieved from https://goo.gl/hkBWbZ. Autodesk. {n.d.}. Measuring light levels. Retrieved from https://goo.gl/hkBWbZ.

Cited by 98 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Adversarial Infrared Curves: An attack on infrared pedestrian detectors in the physical world;Neural Networks;2024-10

2. Road Decals as Trojans: Disrupting Autonomous Vehicle Navigation with Adversarial Patterns;2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume (DSN-S);2024-06-24

3. CaFA: Cost-aware, Feasible Attacks With Database Constraints Against Neural Tabular Classifiers;2024 IEEE Symposium on Security and Privacy (SP);2024-05-19

4. EAP: An effective black-box impersonation adversarial patch attack method on face recognition in the physical world;Neurocomputing;2024-05

5. DCVAE-adv: A Universal Adversarial Example Generation Method for White and Black Box Attacks;Tsinghua Science and Technology;2024-04