2018 IEEE Security and Privacy Workshops (SPW)
DOI: 10.1109/spw.2018.00014

Adversarial Examples for Generative Models

Abstract: We explore methods of producing adversarial examples on deep generative models such as the variational autoencoder (VAE) and the VAE-GAN. Deep learning architectures are known to be vulnerable to adversarial examples, but previous work has focused on the application of adversarial examples to classification tasks. Deep generative models have recently become popular due to their ability to model input data distributions and generate realistic examples from those distributions. We present three classes of attack…
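The attacks the abstract describes perturb a generative model's input so that its output is steered toward an adversary's goal. As a minimal illustration of this idea — not the authors' method — the sketch below runs a gradient-based "output attack" against a toy linear autoencoder standing in for a trained VAE. Every name, shape, and step size here is a hypothetical choice for the toy setup.

```python
import numpy as np

# Toy stand-in for a trained VAE: a fixed linear encoder/decoder pair.
rng = np.random.default_rng(0)
d, k = 8, 3                       # input dim, latent dim (arbitrary)
W_enc = rng.normal(size=(k, d))   # "encoder" weights
W_dec = rng.normal(size=(d, k))   # "decoder" weights

def reconstruct(x):
    """Encode then decode, as a VAE's mean reconstruction would."""
    return W_dec @ (W_enc @ x)

def attack_step(x, x_target, eta=1e-3):
    """One gradient step pushing reconstruct(x) toward reconstruct(x_target).
    (An FGSM-style attack would instead step along the sign of this gradient.)"""
    r = reconstruct(x) - reconstruct(x_target)
    # Gradient of 0.5 * ||r||^2 w.r.t. x for this linear model.
    grad = (W_dec @ W_enc).T @ r
    return x - eta * grad

x = rng.normal(size=d)            # benign input
x_target = rng.normal(size=d)     # adversary's chosen target input

def loss(z):
    return 0.5 * np.sum((reconstruct(z) - reconstruct(x_target)) ** 2)

before = loss(x)
x_adv = x
for _ in range(100):              # small eta keeps the descent monotone here
    x_adv = attack_step(x_adv, x_target)
after = loss(x_adv)
```

After the loop, `after` is strictly smaller than `before`: the perturbed input's reconstruction has moved toward the target's reconstruction, which is the essence of an output-targeting attack on a generative model. A real attack would compute `grad` by backpropagation through the trained network rather than in closed form.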

Cited by 190 publications (149 citation statements) | References 9 publications
“…However, it is reported in [128] that autoencoders seem to be much more robust to adversarial attacks than the typical classifier networks. Kos et al [121] also explored methods for computing adversarial examples for deep generative models, e.g. variational autoencoder (VAE) and the VAE-Generative Adversarial Networks (VAE-GANs).…”
Section: Attacks On Autoencoders and Generative Models
confidence: 99%
“…Existing work on adversarial examples has focused largely on the space of images, be it image classification [40], generative models on images [26], image segmentation [1], face detection [37], or reinforcement learning by manipulating the images the RL agent sees [6,21]. In the discrete domain, there has been some study of adversarial examples over text classification [23] and malware classification [16,20].…”
Section: Introduction
confidence: 99%
“…A classic example is an adversary attaching a small, human-imperceptible sticker onto a stop sign that causes a self-driving car to recognize it as a yield sign. Adversarial examples have also been demonstrated in domains such as reinforcement learning [32] and generative models [31].…”
Section: Introduction
confidence: 99%