Adversarial Attacks and Defenses in Images, Graphs and Text: A Review

Xu, Han; Ma, Yao; Liu, Hao-Chen; Deb, Debayan; Liu, Hui; Tang, Jiliang; Jain, Anil K.

doi:10.1007/s11633-019-1211-x

Cited by 519 publications

(268 citation statements)

References 114 publications

(212 reference statements)

Supporting

Mentioning

267

Contrasting

Order By: Relevance

“…In safety critical applications like automatic drug injection in humans, guidance and navigation of autonomous vehicles or oil well drilling a black-box approach will be unacceptable. In fact the vulnerability of DNN have been been exposed beyond doubt in several recent works [137], [138], [139]. These models can also be extremely biased depending upon the data they were trained on.…”

Section: B Data-driven Modelingmentioning

confidence: 99%

Digital Twin: Values, Challenges and Enablers From a Modeling Perspective

2020

View full text Add to dashboard Cite

A digital twin can be defined as an adaptive model of a complex physical system. Recent advances in computational pipelines, multiphysics solvers, artificial intelligence, big data cybernetics, data processing and management tools bring the promise of digital twins and their impact on society closer to reality. Digital twinning is now an important and emerging trend in many applications. Also referred to as a computational megamodel, device shadow, mirrored system, avatar or a synchronized virtual prototype, there can be no doubt that a digital twin plays a transformative role not only in how we design and operate cyber-physical intelligent systems, but also in how we advance the modularity of multi-disciplinary systems to tackle fundamental barriers not addressed by the current, evolutionary modeling practices. In this work, we review the recent status of methodologies and techniques related to the construction of digital twins. Our aim is to provide a detailed coverage of the current challenges and enabling technologies along with recommendations and reflections for various stakeholders.

show abstract

Section: B Data-driven Modelingmentioning

confidence: 99%

Digital Twin: Values, Challenges and Enablers From a Modeling Perspective

2020

View full text Add to dashboard Cite

show abstract

“…Therefore, random borderline instances (i.e., those which are not similar to real instances) occupy some parts of the input space which are not practically appealing for further decision boundary characterization in Section 4. Note that, in spirit, the second criterion is similar to what that is followed in adversarial example generation [36] where adversarial examples are required to be similar to real (benign) samples.…”

Section: Proposed Framework (Deepdig)mentioning

confidence: 99%

“…One way to obtain samples enjoying the criterion (b) mentioned above is via targeted adversarial examples which are slightly distorted versions of real instances and are misclassified by a DNN [36]. As will be discussed shortly, targeted adversarial example generation paves the way to meet the criterion (a) as well.…”

Section: Component (I): Initial Source To Target Adversarial Example mentioning

confidence: 99%

Decision Boundary of Deep Neural Networks

Karimi

Tang

2020

Proceedings of the 13th International Conference on Web Search and Data Mining

View full text Add to dashboard Cite

Deep neural networks and in particular, deep neural classifiers have become an integral part of many modern applications. Despite their practical success, we still have limited knowledge of how they work and the demand for such an understanding is evergrowing. In this regard, one crucial aspect of deep neural network classifiers that can help us deepen our knowledge about their decision-making behavior is to investigate their decision boundaries. Nevertheless, this is contingent upon having access to samples populating the areas near the decision boundary. To achieve this, we propose a novel approach we call Deep Decision boundary Instance Generation (DeepDIG). DeepDIG utilizes a method based on adversarial example generation as an effective way of generating samples near the decision boundary of any deep neural network model. Then, we introduce a set of important principled characteristics that take advantage of the generated instances near the decision boundary to provide multifaceted understandings of deep neural networks. We have performed extensive experiments on multiple representative datasets across various deep neural network models and characterized their decision boundaries.

show abstract

“…A recent paper provides a comprehensive review of adversarial attacks and defenses [1] and provides a taxonomy for both the adversarial attacks and defenses. Pulling on the past literature, this review paper defi nes adversarial examples as "inputs to machine learning models that an attacker intentionally designed to cause the model to make mistakes".…”

Section: Introductionmentioning

confidence: 99%

“…The taxonomy of adversarial defense in Xu, et al [1] consists of three categories: gradient masking, robust optimization, and adversarial detection. Gradient masking includes input data preprocessing (i.e., jpeg compression [2]), thermometer encoding [3], adversarial logit pairing [4]), defensive distillation [5], randomization of the deep neural network models (i.e., randomly choosing a model from a set of models [6]) or using dropout [7,8]), and the use of generative models (i.e., PixelDefend [9] and Defense-GAN [10]).…”

Section: Introductionmentioning

confidence: 99%

A useful taxonomy for adversarial robustness of Neural Networks

Smith¹

2020

Trends Comput Sci Inf Technol

View full text Add to dashboard Cite

Jacobian regularization [13]), and provable defenses (i.e., Reluplex algorithm [14]). Adversarial training is a form of data augmentation where adversarial examples are added to or replace the benign training data. Adversarial training is an important defense discussed in the literature, and variations have been proposed, such as ensemble adversarial training where the adversarial examples are computed from a set

show abstract

Adversarial Attacks and Defenses in Images, Graphs and Text: A Review

Cited by 519 publications

References 114 publications

Digital Twin: Values, Challenges and Enablers From a Modeling Perspective

Digital Twin: Values, Challenges and Enablers From a Modeling Perspective

Decision Boundary of Deep Neural Networks

A useful taxonomy for adversarial robustness of Neural Networks

Contact Info

Product

Resources

About