# Awesome Adversarial Examples for Deep Learning

## Table of Contents

[TOC]

## Survey
- Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey. Akhtar, Naveed, and Ajmal Mian. IEEE Access, 2018.
## Attack

### Gradient-based methods
- Box-constrained L-BFGS : Intriguing properties of neural networks. Szegedy, Christian, et al. ICLR(Poster) 2014. [blogs]
- FGSM : Explaining and harnessing adversarial examples. Goodfellow, Ian J., Jonathon Shlens, and Christian Szegedy. ICLR(Poster) 2015. [code]
- I-FGSM : Adversarial examples in the physical world. Kurakin, Alexey, Ian Goodfellow, and Samy Bengio. ICLR(Workshop) 2017. [code]
- MI-FGSM : Boosting Adversarial Attacks with Momentum. Dong Y., Liao F., Pang T., et al. CVPR 2018. [poster, code]
- DI^2-FGSM and M-DI^2-FGSM : Improving Transferability of Adversarial Examples with Input Diversity. Xie, Cihang, et al. CVPR 2019. [code]
Relationships between the attacks above: I-FGSM iterates the single FGSM step, MI-FGSM adds a momentum term to that iteration, and DI^2-FGSM / M-DI^2-FGSM further apply random input transformations at each iteration to improve transferability.
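As a rough code-level illustration of those relationships (a sketch, not any paper's released implementation), the routine below covers FGSM (`steps=1`), I-FGSM (`steps>1`, `mu=0`), and MI-FGSM (`steps>1`, `mu=1.0`); the `model` argument, the [0, 1] pixel range, and NCHW image batches are assumptions.

```python
import torch
import torch.nn.functional as F

def fgsm_family(model, x, y, eps=8/255, steps=1, mu=0.0):
    """Sketch of FGSM (steps=1), I-FGSM (steps>1, mu=0) and MI-FGSM
    (steps>1, mu=1.0). Assumes NCHW image batches with values in [0, 1]."""
    alpha = eps if steps == 1 else eps / steps        # per-iteration step size
    x_adv = x.clone().detach()
    g = torch.zeros_like(x)                           # accumulated gradient (MI-FGSM)
    for _ in range(steps):
        x_adv.requires_grad_(True)
        loss = F.cross_entropy(model(x_adv), y)
        grad, = torch.autograd.grad(loss, x_adv)
        # MI-FGSM accumulates L1-normalised gradients with decay factor mu
        g = mu * g + grad / grad.abs().mean(dim=(1, 2, 3), keepdim=True)
        x_adv = x_adv.detach() + alpha * g.sign()
        # project back into the eps-ball around x and the valid pixel range
        x_adv = torch.min(torch.max(x_adv, x - eps), x + eps).clamp(0.0, 1.0)
    return x_adv.detach()
```

DI^2-FGSM and M-DI^2-FGSM would additionally apply a random resize-and-pad transformation to `x_adv` before each forward pass.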
- JSMA : The limitations of deep learning in adversarial settings. Papernot, Nicolas, et al. IEEE European Symposium on Security and Privacy (EuroS&P), 2016.
- One Pixel Attack : One pixel attack for fooling deep neural networks. J. Su, D. V. Vargas, K. Sakurai. arXiv preprint arXiv:1710.08864, 2017.
- DeepFool : DeepFool: a simple and accurate method to fool deep neural networks. S. Moosavi-Dezfooli et al., CVPR 2016.
- C&W : Towards Evaluating the Robustness of Neural Networks. N. Carlini, D. Wagner. arXiv preprint arXiv:1608.04644, 2016. (minimal sketch after this list)
- ATNs : Adversarial Transformation Networks: Learning to Generate Adversarial Examples. S. Baluja, I. Fischer. arXiv preprint arXiv:1703.09387, 2017.
- UPSET and ANGRI : UPSET and ANGRI: Breaking High Performance Image Classifiers. S. Sarkar, A. Bansal, U. Mahbub, and R. Chellappa. arXiv preprint arXiv:1707.01159, 2017.
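The C&W attack above casts adversarial example generation as explicit optimization: minimize the L2 distortion plus a hinge on the logit margin, with a tanh change of variables so pixels stay in range. A minimal untargeted PyTorch sketch, assuming a `model` that returns logits, inputs in [0, 1], and a fixed trade-off constant `c` (the paper tunes `c` by binary search):

```python
import torch

def cw_l2(model, x, y, c=1.0, kappa=0.0, steps=200, lr=0.01):
    """Minimal sketch of an untargeted Carlini-Wagner L2 attack."""
    # optimize over w, with x_adv = 0.5 * (tanh(w) + 1) always inside [0, 1]
    w = torch.atanh((2 * x - 1).clamp(-0.999999, 0.999999)).detach().requires_grad_(True)
    opt = torch.optim.Adam([w], lr=lr)
    for _ in range(steps):
        x_adv = 0.5 * (torch.tanh(w) + 1)
        logits = model(x_adv)
        true_logit = logits.gather(1, y.unsqueeze(1)).squeeze(1)
        # largest logit among the wrong classes
        other_logit = logits.scatter(1, y.unsqueeze(1), float('-inf')).max(dim=1).values
        misclass = torch.clamp(true_logit - other_logit + kappa, min=0)  # hinge on the margin
        l2 = ((x_adv - x) ** 2).flatten(1).sum(dim=1)                    # distortion term
        loss = (l2 + c * misclass).sum()
        opt.zero_grad()
        loss.backward()
        opt.step()
    return (0.5 * (torch.tanh(w) + 1)).detach()
```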
- Intriguing properties of neural networks. Szegedy, Christian, et al. arXiv preprint arXiv:1312.6199 (2013).
- Explaining and harnessing adversarial examples. Goodfellow, Ian J., Jonathon Shlens, and Christian Szegedy. arXiv preprint arXiv:1412.6572 (2014).
- Deep neural networks are easily fooled: High confidence predictions for unrecognizable images. Nguyen, Anh, Jason Yosinski, and Jeff Clune. Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. 2015.
- Adversarial examples in the physical world. Kurakin, Alexey, Ian Goodfellow, and Samy Bengio. arXiv preprint arXiv:1607.02533 (2016).
- Adversarial diversity and hard positive generation. Rozsa, Andras, Ethan M. Rudd, and Terrance E. Boult. Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition Workshops. 2016.
- The limitations of deep learning in adversarial settings. Papernot, Nicolas, et al. IEEE European Symposium on Security and Privacy (EuroS&P), 2016.
- Adversarial manipulation of deep representations. Sabour, Sara, et al. ICLR 2016.
- DeepFool: a simple and accurate method to fool deep neural networks. Moosavi-Dezfooli, Seyed-Mohsen, Alhussein Fawzi, and Pascal Frossard. Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. 2016.
- Universal adversarial perturbations. Moosavi-Dezfooli, Seyed-Mohsen, et al. IEEE Conference on Computer Vision and Pattern Recognition (CVPR). 2017.
- Towards evaluating the robustness of neural networks. Carlini, Nicholas, and David Wagner. IEEE Symposium on Security and Privacy (S&P), 2017.
- Machine Learning as an Adversarial Service: Learning Black-Box Adversarial Examples. Hayes, Jamie, and George Danezis. arXiv preprint arXiv:1708.05207 (2017).
- ZOO: Zeroth order optimization based black-box attacks to deep neural networks without training substitute models. Chen, Pin-Yu, et al. 10th ACM Workshop on Artificial Intelligence and Security (AISec), with the 24th ACM Conference on Computer and Communications Security (CCS). 2017. (finite-difference sketch after this list)
- Ground-Truth Adversarial Examples. Carlini, Nicholas, et al. arXiv preprint arXiv:1709.10207 (2017).
- Generating Natural Adversarial Examples. Zhao, Zhengli, Dheeru Dua, and Sameer Singh. arXiv preprint arXiv:1710.11342 (2017).
- Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples. Anish Athalye, Nicholas Carlini, David Wagner. arXiv preprint arXiv:1802.00420 (2018).
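For the black-box attacks above, the white-box gradient is unavailable and has to be estimated from queries alone; ZOO, for example, uses symmetric finite differences on individual coordinates. A minimal NumPy sketch; `loss_fn` (a scalar-valued query oracle for the target model) and `coords` (the coordinate indices sampled this step) are hypothetical names:

```python
import numpy as np

def zoo_gradient_estimate(loss_fn, x, coords, h=1e-4):
    """ZOO-style zeroth-order gradient estimate: approximate d loss / d x_i
    with symmetric finite differences, using only black-box queries."""
    grad = np.zeros_like(x, dtype=np.float64)
    for i in coords:
        e = np.zeros_like(x, dtype=np.float64)
        e.flat[i] = h
        grad.flat[i] = (loss_fn(x + e) - loss_fn(x - e)) / (2 * h)
    return grad
```

The estimate then drives an ordinary descent (or Adam) step on the image, just as in the white-box case; the ZOO paper additionally uses coordinate importance sampling and attack-space dimension reduction to keep the query budget manageable.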
## Defense

### Network Distillation
- Distillation as a defense to adversarial perturbations against deep neural networks. Papernot, Nicolas, et al. IEEE Symposium on Security and Privacy (S&P), 2016.
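Defensive distillation trains a second network on the temperature-softened predictions of the first instead of hard labels, which smooths the model the attacker differentiates through. A minimal sketch of the student update, assuming `teacher`, `student`, and `optimizer` already exist and the teacher was itself trained at temperature `T` (the student is used at temperature 1 at test time):

```python
import torch
import torch.nn.functional as F

def distillation_step(teacher, student, x, optimizer, T=20.0):
    """One defensive-distillation training step: fit the student to the
    teacher's temperature-softened class probabilities."""
    with torch.no_grad():
        soft_labels = F.softmax(teacher(x) / T, dim=1)        # soft targets
    log_probs = F.log_softmax(student(x) / T, dim=1)
    loss = -(soft_labels * log_probs).sum(dim=1).mean()       # cross-entropy with soft targets
    optimizer.zero_grad()
    loss.backward()
    optimizer.step()
    return loss.item()
```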
### Adversarial (Re)Training
- Learning with a strong adversary. Huang, Ruitong, et al. arXiv preprint arXiv:1511.03034 (2015).
- Adversarial machine learning at scale. Kurakin, Alexey, Ian Goodfellow, and Samy Bengio. ICLR 2017. (training-loop sketch after this list)
- Ensemble Adversarial Training: Attacks and Defenses. Tramèr, Florian, et al. arXiv preprint arXiv:1705.07204 (2017).
- Adversarial training for relation extraction. Wu, Yi, David Bamman, and Stuart Russell. Proceedings of the 2017 Conference on Empirical Methods in Natural Language Processing (EMNLP). 2017.
- Adversarial Logit Pairing. Harini Kannan, Alexey Kurakin, Ian Goodfellow. arXiv preprint arXiv:1803.06373 (2018).
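Adversarial (re)training folds adversarial examples crafted against the current model back into the training objective. A minimal single-step (FGSM) sketch of one training step; `model`, `optimizer`, the [0, 1] pixel range, `eps`, and the loss weighting `alpha` are assumptions, and ensemble adversarial training would instead draw the adversarial examples from separately pre-trained models:

```python
import torch
import torch.nn.functional as F

def adversarial_training_step(model, x, y, optimizer, eps=8/255, alpha=0.5):
    """One adversarial-training step: mix the loss on clean inputs with the
    loss on FGSM examples crafted against the current parameters."""
    x_fgsm = x.clone().detach().requires_grad_(True)
    grad, = torch.autograd.grad(F.cross_entropy(model(x_fgsm), y), x_fgsm)
    x_adv = (x + eps * grad.sign()).clamp(0.0, 1.0).detach()

    loss = alpha * F.cross_entropy(model(x), y) + (1 - alpha) * F.cross_entropy(model(x_adv), y)
    optimizer.zero_grad()
    loss.backward()
    optimizer.step()
    return loss.item()
```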
### Adversarial Detecting
- Detecting Adversarial Samples from Artifacts. Feinman, Reuben, et al. arXiv preprint arXiv:1703.00410 (2017).
- Adversarial and Clean Data Are Not Twins. Gong, Zhitao, Wenlu Wang, and Wei-Shinn Ku. arXiv preprint arXiv:1704.04960 (2017). (detector sketch after this list)
- SafetyNet: Detecting and rejecting adversarial examples robustly. Lu, Jiajun, Theerasit Issaranon, and David Forsyth. ICCV 2017.
- On the (statistical) detection of adversarial examples. Grosse, Kathrin, et al. arXiv preprint arXiv:1702.06280 (2017).
- On detecting adversarial perturbations. Metzen, Jan Hendrik, et al. ICLR(Poster) 2017.
- Early Methods for Detecting Adversarial Images. Hendrycks, Dan, and Kevin Gimpel. ICLR(Workshop) 2017.
- Dimensionality Reduction as a Defense against Evasion Attacks on Machine Learning Classifiers. Bhagoji, Arjun Nitin, Daniel Cullina, and Prateek Mittal. arXiv preprint arXiv:1704.02654 (2017).
- Detecting Adversarial Attacks on Neural Network Policies with Visual Foresight. Lin, Yen-Chen, et al. arXiv preprint arXiv:1710.00814 (2017).
- PixelDefend: Leveraging Generative Models to Understand and Defend against Adversarial Examples. Song, Yang, et al. arXiv preprint arXiv:1710.10766 (2017).
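Several of the detection papers above (Gong et al. most directly) train an auxiliary binary classifier to separate clean inputs from adversarial ones. A minimal sketch; `detector`, `clean_loader`, `make_adversarial` (an attack run against the protected model), and `optimizer` are hypothetical names:

```python
import torch
import torch.nn.functional as F

def train_detector(detector, clean_loader, make_adversarial, optimizer, epochs=5):
    """Train a binary detector: label 0 for clean inputs, label 1 for
    adversarial inputs crafted against the protected model."""
    for _ in range(epochs):
        for x, _ in clean_loader:
            x_adv = make_adversarial(x)
            inputs = torch.cat([x, x_adv], dim=0)
            labels = torch.cat([torch.zeros(len(x)), torch.ones(len(x_adv))]).long()
            loss = F.cross_entropy(detector(inputs), labels)
            optimizer.zero_grad()
            loss.backward()
            optimizer.step()
    return detector
```

Note that "Adversarial Examples Are Not Easily Detected" (listed under Others below) shows detectors of this kind can be bypassed when the attacker optimizes against the detector as well.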
### Input Reconstruction
- PixelDefend: Leveraging Generative Models to Understand and Defend against Adversarial Examples. Song, Yang, et al. arXiv preprint arXiv:1710.10766 (2017).
- MagNet: a Two-Pronged Defense against Adversarial Examples. Meng, Dongyu, and Hao Chen. CCS 2017. (reformer sketch after this list)
- Towards deep neural network architectures robust to adversarial examples. Gu, Shixiang, and Luca Rigazio. arXiv preprint arXiv:1412.5068 (2014).
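Input-reconstruction defenses such as MagNet pass every input through an autoencoder trained only on clean data: inputs with large reconstruction error are rejected (the detector), and the remainder are replaced by their reconstruction before classification (the reformer). A minimal sketch; `autoencoder`, `classifier`, and `threshold` are assumptions:

```python
import torch

def reform_and_classify(autoencoder, classifier, x, threshold=0.01):
    """MagNet-style defense sketch: reject inputs the autoencoder reconstructs
    poorly, and classify the reconstruction rather than the raw input."""
    with torch.no_grad():
        x_rec = autoencoder(x)
        rec_error = ((x - x_rec) ** 2).flatten(1).mean(dim=1)   # per-example MSE
        accept = rec_error < threshold                          # detector decision
        logits = classifier(x_rec)                              # reformer path
    return logits, accept
```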
### Classifier Robustifying
- Adversarial Examples, Uncertainty, and Transfer Testing Robustness in Gaussian Process Hybrid Deep Networks. Bradshaw, John, Alexander G. de G. Matthews, and Zoubin Ghahramani. arXiv preprint arXiv:1707.02476 (2017).
- Robustness to Adversarial Examples through an Ensemble of Specialists. Abbasi, Mahdieh, and Christian Gagné. arXiv preprint arXiv:1702.06856 (2017).
### Network Verification
- Reluplex: An efficient SMT solver for verifying deep neural networks. Katz, Guy, et al. CAV 2017.
- Safety verification of deep neural networks. Huang, Xiaowei, et al. International Conference on Computer Aided Verification (CAV). Springer, Cham, 2017.
- Towards proving the adversarial robustness of deep neural networks. Katz, Guy, et al. arXiv preprint arXiv:1709.02802 (2017).
- DeepSafe: A data-driven approach for checking adversarial robustness in neural networks. Gopinath, Divya, et al. arXiv preprint arXiv:1710.00486 (2017).
- DeepXplore: Automated Whitebox Testing of Deep Learning Systems. Pei, Kexin, et al. arXiv preprint arXiv:1705.06640 (2017).
### Others
- Adversarial Example Defenses: Ensembles of Weak Defenses are not Strong. He, Warren, et al. 11th USENIX Workshop on Offensive Technologies (WOOT 17). 2017.
- Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods. Carlini, Nicholas, and David Wagner. AISec 2017.