Adversarial Examples: Attacks and Defenses for Deep Learning

Yuan, Xiaoyong; He, Pan; Zhu, Qile; Li, Xiaolin

doi:10.1109/tnnls.2018.2886017

Cited by 1,459 publications

(898 citation statements)

References 120 publications

Supporting

Mentioning

895

Contrasting

Unclassified

Order By: Relevance

“…These types of weaknesses in DNNs could be exploited and pose a security concern for any technology using DNNs. Although defences against these attacks have been proposed [223], state-of-the-art attacks can by-pass defences and detection mechanisms.…”

Section: F Safetymentioning

confidence: 99%

A Survey of Deep Learning Applications to Autonomous Vehicle Control

Kuutti

Bowden

Jin

et al. 2021

IEEE Trans. Intell. Transport. Syst.

489

182

View full text Add to dashboard Cite

Designing a controller for autonomous vehicles capable of providing adequate performance in all driving scenarios is challenging due to the highly complex environment and inability to test the system in the wide variety of scenarios which it may encounter after deployment. However, deep learning methods have shown great promise in not only providing excellent performance for complex and non-linear control problems, but also in generalising previously learned rules to new scenarios. For these reasons, the use of deep learning for vehicle control is becoming increasingly popular. Although important advancements have been achieved in this field, these works have not been fully summarised. This paper surveys a wide range of research works reported in the literature which aim to control a vehicle through deep learning methods. Although there exists overlap between control and perception, the focus of this paper is on vehicle control, rather than the wider perception problem which includes tasks such as semantic segmentation and object detection. The paper identifies the strengths and limitations of available deep learning methods through comparative analysis and discusses the research challenges in terms of computation, architecture selection, goal specification, generalisation, verification and validation, as well as safety. Overall, this survey brings timely and topical information to a rapidly evolving field relevant to intelligent transportation systems.

show abstract

Section: F Safetymentioning

confidence: 99%

A Survey of Deep Learning Applications to Autonomous Vehicle Control

Kuutti

Bowden

Jin

et al. 2021

IEEE Trans. Intell. Transport. Syst.

489

182

View full text Add to dashboard Cite

show abstract

“…The investigation on ACKTR suggests that Kronecker-factored natural gradient approximations in RL is a promising framework. Although remarkable performance has been achieved by these algorithms on many challenging tasks (e.g., video games [1] and board games [37], [38]), recent studies have revealed that the policies trained by these algorithms are easily fooled by adversarial perturbations [3]- [5], as introduced next.…”

Section: A Reinforcement Learningmentioning

confidence: 99%

Minimalistic Attacks: How Little It Takes to Fool Deep Reinforcement Learning Policies

Sun

Ong

et al. 2021

IEEE Trans. Cogn. Dev. Syst.

View full text Add to dashboard Cite

Recent studies have revealed that neural network based policies can be easily fooled by adversarial examples. However, while most prior works analyze the effects of perturbing every pixel of every frame assuming white-box policy access, in this paper we take a more restrictive view towards adversary generation -with the goal of unveiling the limits of a model's vulnerability. In particular, we explore minimalistic attacks by defining three key settings: (1) black-box policy access: where the attacker only has access to the input (state) and output (action probability) of an RL policy; (2) fractional-state adversary: where only several pixels are perturbed, with the extreme case being a single-pixel adversary; and (3) tactically-chanced attack: where only significant frames are tactically chosen to be attacked. We formulate the adversarial attack by accommodating the three key settings, and explore their potency on six Atari games by examining four fully trained state-of-the-art policies. In Breakout, for example, we surprisingly find that: (i) all policies showcase significant performance degradation by merely modifying 0.01% of the input state, and (ii) the policy trained by DQN is totally deceived by perturbation to only 1% frames.

show abstract

“…The second criterion is imposed because of two major reasons. First, we are interested in investigating DNNs and their decision boundaries in the presence of realizable and non-random corner cases which in practice can have major safety and security consequences [5,30,38]. Second, essentially a DNN carves out decision regions (and decision boundaries) by learning on its training data not other random instances in the space R D .…”

Section: Proposed Framework (Deepdig)mentioning

confidence: 99%

Decision Boundary of Deep Neural Networks

Karimi

Tang

2020

Proceedings of the 13th International Conference on Web Search and Data Mining

View full text Add to dashboard Cite

Deep neural networks and in particular, deep neural classifiers have become an integral part of many modern applications. Despite their practical success, we still have limited knowledge of how they work and the demand for such an understanding is evergrowing. In this regard, one crucial aspect of deep neural network classifiers that can help us deepen our knowledge about their decision-making behavior is to investigate their decision boundaries. Nevertheless, this is contingent upon having access to samples populating the areas near the decision boundary. To achieve this, we propose a novel approach we call Deep Decision boundary Instance Generation (DeepDIG). DeepDIG utilizes a method based on adversarial example generation as an effective way of generating samples near the decision boundary of any deep neural network model. Then, we introduce a set of important principled characteristics that take advantage of the generated instances near the decision boundary to provide multifaceted understandings of deep neural networks. We have performed extensive experiments on multiple representative datasets across various deep neural network models and characterized their decision boundaries.

show abstract

Adversarial Examples: Attacks and Defenses for Deep Learning

Cited by 1,459 publications

References 120 publications

A Survey of Deep Learning Applications to Autonomous Vehicle Control

A Survey of Deep Learning Applications to Autonomous Vehicle Control

Minimalistic Attacks: How Little It Takes to Fool Deep Reinforcement Learning Policies

Decision Boundary of Deep Neural Networks

Contact Info

Product

Resources

About