Dongyu Meng scite author profile

Deep learning has shown impressive performance on hard perceptual problems. However, researchers found deep learning systems to be vulnerable to small, specially crafted perturbations that are imperceptible to humans. Such perturbations cause deep learning systems to mis-classify adversarial examples, with potentially disastrous consequences where safety or security is crucial. Prior defenses against adversarial examples either targeted specific attacks or were shown to be ineffective.We propose MagNet, a framework for defending neural network classifiers against adversarial examples. MagNet neither modifies the protected classifier nor requires knowledge of the process for generating adversarial examples. MagNet includes one or more separate detector networks and a reformer network. The detector networks learn to differentiate between normal and adversarial examples by approximating the manifold of normal examples. Since they assume no specific process for generating adversarial examples, they generalize well. The reformer network moves adversarial examples towards the manifold of normal examples, which is effective for correctly classifying adversarial examples with small perturbation. We discuss the intrinsic difficulties in defending against whitebox attack and propose a mechanism to defend against graybox attack. Inspired by the use of randomness in cryptography, we use diversity to strengthen MagNet. We show empirically that Mag-Net is effective against the most advanced state-of-the-art attacks in blackbox and graybox scenarios without sacrificing false positive rate on normal examples. CCS CONCEPTS• Security and privacy → Domain-specific security and privacy architectures; • Computing methodologies → Neural networks;KEYWORDS adversarial example, neural network, autoencoder arXiv:1705.09064v2 [cs.CR]

show abstract

Bullseye Polytope: A Scalable Clean-Label Poisoning Attack with Improved Transferability

Aghakhani

Meng

Wang

et al. 2021

View full text Add to dashboard Cite

A recent source of concern for the security of neural networks is the emergence of clean-label dataset poisoning attacks, wherein correctly labeled poisoned samples are injected in the training dataset. While these poisons look legitimate to the human observer, they contain malicious characteristics that trigger a targeted misclassification during inference. We propose a scalable and transferable clean-label attack, Bullseye Polytope, which creates poison images centered around the target image in the feature space. Bullseye Polytope improves the attack success rate of the current stateof-the-art by 26.75% in end-to-end training, while increasing attack speed by a factor of 12. We further extend Bullseye Polytope to a more practical attack model by including multiple images of the same object (e.g., from different angles) in crafting the poisoned samples. We demonstrate that this extension improves attack transferability by over 16% to unseen images (of the same object) without increasing the number of poisons.

show abstract

Bullseye Polytope: A Scalable Clean-Label Poisoning Attack with Improved Transferability

Aghakhani¹,

Meng²,

Wang³

et al. 2020

Preprint

View full text Add to dashboard Cite

Evaluating private modes in desktop and mobile browsers and their resistance to fingerprinting

Meng

Chen

2017

View full text Add to dashboard Cite

Bran: Reduce Vulnerability Search Space in Large Open Source Repositories by Learning Bug Symptoms

Meng

Guerriero

Machiry

et al. 2021

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Dongyu Meng

MagNet

Bullseye Polytope: A Scalable Clean-Label Poisoning Attack with Improved Transferability

Bullseye Polytope: A Scalable Clean-Label Poisoning Attack with Improved Transferability

Evaluating private modes in desktop and mobile browsers and their resistance to fingerprinting

Bran: Reduce Vulnerability Search Space in Large Open Source Repositories by Learning Bug Symptoms

Contact Info

Product

Resources

About