Towards Deep Learning Models Resistant to Adversarial Attacks

Mądry, Aleksander; Aleksandar, Makelov,; Schmidt, Ludwig; Tsipras, Dimitris

doi:10.48550/arxiv.1706.06083

Cited by 2,139 publications

(3,801 citation statements)

References 25 publications

(58 reference statements)

Supporting

Mentioning

3,758

Contrasting

Unclassified

Order By: Relevance

“…Although truncation on its own is expected to increase a classifier's robustness, we suggest going farther and coupling our framework with adversarial training as originally proposed by [8]. In the Gaussian mixture setting considered in Section 4, we prove that the asymptotically optimal classifier requires truncation as well as an optimization step for finding the best weights that resemble adversarial training.…”

Section: Adversarial Trainingmentioning

confidence: 94%

“…They were initially shown to be effective in causing classification errors throughout different machine learning models [5,6,7]. Following this, a lot of effort has been put into generating increasingly more complex attack models that can utilize a small amount of semantic-preserving modifications, while still being able to fool a classifier [8,9,10]. Typically, this is done by constraining the perturbations with an p -norm, where the most common settings use either ∞ [11,12,9,8,13,14,15], 2 [16,9,17,18,19], or 1 [20,21].…”

Section: Introductionmentioning

confidence: 99%

“…Following this, a lot of effort has been put into generating increasingly more complex attack models that can utilize a small amount of semantic-preserving modifications, while still being able to fool a classifier [8,9,10]. Typically, this is done by constraining the perturbations with an p -norm, where the most common settings use either ∞ [11,12,9,8,13,14,15], 2 [16,9,17,18,19], or 1 [20,21]. As of now, the state-of-the-art empirical defense against adversarial attacks is iteratively retraining with adversarial examples [8].…”

Section: Introductionmentioning

confidence: 99%

“…Typically, this is done by constraining the perturbations with an p -norm, where the most common settings use either ∞ [11,12,9,8,13,14,15], 2 [16,9,17,18,19], or 1 [20,21]. As of now, the state-of-the-art empirical defense against adversarial attacks is iteratively retraining with adversarial examples [8]. While adversarial retraining by itself can help improve robustness, we have seen a fundamental trade-off between robustness and clean accuracy, as well as a lack of generalization across different attacks [22,23,24,25,26].…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Efficient and Robust Classification for Sparse Attacks

Beliaev¹,

Delgosha²,

Hassani³

et al. 2022

Preprint

View full text Add to dashboard Cite

In the past two decades we have seen the popularity of neural networks increase in conjunction with their classification accuracy. Parallel to this, we have also witnessed how fragile the very same prediction models are: tiny perturbations to the inputs can cause misclassification errors throughout entire datasets. In this paper, we consider perturbations bounded by the 0 -norm, which have been shown as effective attacks in the domains of image-recognition, natural language processing, and malware-detection. To this end, we propose a novel defense method that consists of "truncation" and "adversarial training". We then theoretically study the Gaussian mixture setting and prove the asymptotic optimality of our proposed classifier. Motivated by the insights we obtain, we extend these components to neural network classifiers. We conduct numerical experiments in the domain of computer vision using the MNIST and CIFAR datasets, demonstrating significant improvement for the robust classification error of neural networks.

show abstract

Section: Adversarial Trainingmentioning

confidence: 94%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Efficient and Robust Classification for Sparse Attacks

Beliaev¹,

Delgosha²,

Hassani³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…The projected gradient descent (PGD) [16] we adopted is the most common method for finding adversarial examples. Given x 0 ∈ X ,…”

Section: Guiding Adversarial Examplesmentioning

confidence: 99%

Adversarial Examples for Good: Adversarial Examples Guided Imbalanced Learning

Zhang¹,

Zhang²,

Li³

et al. 2022

Preprint

View full text Add to dashboard Cite

Adversarial examples are inputs for machine learning models that have been designed by attackers to cause the model to make mistakes. In this paper, we demonstrate that adversarial examples can also be utilized for good to improve the performance of imbalanced learning. We provide a new perspective on how to deal with imbalanced data: adjust the biased decision boundary by training with Guiding Adversarial Examples (GAEs). Our method can effectively increase the accuracy of minority classes while sacrificing little accuracy on majority classes. We empirically show, on several benchmark datasets, our proposed method is comparable to the state-ofthe-art method. To our best knowledge, we are the first to deal with imbalanced learning with adversarial examples.

show abstract

The anticipatory paradigm

2023

View full text Add to dashboard Cite

Anticipatory thinking is necessary for managing risk in the safety-and missioncritical domains where AI systems are being deployed. We analyze the intersection of anticipatory thinking, the optimization paradigm, and metaforesight to advance our understanding of AI systems and their adaptive capabilities when encountering low-likelihood/high-impact risks. We describe this intersection as the anticipatory paradigm. We detail these challenges in concrete examples and propose new types of anticipatory thinking, towards a paradigm shift in how AI systems are evaluated.

show abstract

Towards Deep Learning Models Resistant to Adversarial Attacks

Cited by 2,139 publications

References 25 publications

Efficient and Robust Classification for Sparse Attacks

Efficient and Robust Classification for Sparse Attacks

Adversarial Examples for Good: Adversarial Examples Guided Imbalanced Learning

The anticipatory paradigm

Contact Info

Product

Resources

About