Ming Zhang scite author profile

As the machine learning-related technology has made great progress in recent years, deep neural networks are widely used in many scenarios, including security-critical ones, which may incura great loss when DNN is compromised. Starting from introducing several commonly used bit-flip methods, this paper concentrates on bit-flips attacks aiming DNN and the corresponding defense methods. We analyze the threat models, methods design, and effect of attack and defense methods in detail, drawing some helpful conclusions about improving the robustness and resilience of DNN. In addition, we point out several drawbacks to existing works, which can hopefully be researched in the future.

show abstract

Fooling Examples: Another Intriguing Property of Neural Networks

Zhang¹,

Chen²,

Cheng³

2023

Sensors

View full text Add to dashboard Cite

Neural networks have been proven to be vulnerable to adversarial examples; these are examples that can be recognized by both humans and neural networks, although neural networks give incorrect predictions. As an intriguing property of neural networks, adversarial examples pose a serious threat to the secure application of neural networks. In this article, we present another intriguing property of neural networks: the fact that well-trained models believe some examples to be recognizable objects (often with high confidence), while humans cannot recognize such examples. We refer to these as “fooling examples”. Specifically, we take inspiration from the construction of adversarial examples and develop an iterative method for generating fooling examples. The experimental results show that fooling examples can not only be easily generated, with a success rate of nearly 100% in the white-box scenario, but also exhibit strong transferability across different models in the black-box scenario. Tests on the Google Cloud Vision API show that fooling examples can also be recognized by real-world computer vision systems. Our findings reveal a new cognitive deficit of neural networks, and we hope that these potential security threats will be addressed in future neural network applications.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Ming Zhang

An Anomaly Detection Model Based on One-Class SVM to Detect Network Intrusions

An Anomaly Detection Method Based on Multi-models to Detect Web Attacks

Detecting network intrusion using Probabilistic Neural Network

A Survey of Bit-Flip Attacks on Deep Neural Network and Corresponding Defense Methods

Fooling Examples: Another Intriguing Property of Neural Networks

Contact Info

Product

Resources

About