Adversarial Examples
Published: 2020-10-04, Author: 阿水
Adversarial examples are imperceptible to humans but can easily fool deep neural networks at test or deployment time. This vulnerability has become one of the major risks of applying deep neural networks in safety-critical scenarios, so attacks on and defenses against adversarial examples have drawn great attention.
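As a concrete illustration, here is a minimal PyTorch sketch of the fast gradient sign method (FGSM) from Explaining and Harnessing Adversarial Examples (listed under General below). The model, inputs, and the epsilon of 8/255 are illustrative placeholders, not part of the original post.

```python
import torch
import torch.nn.functional as F

def fgsm(model: torch.nn.Module, x: torch.Tensor, y: torch.Tensor,
         epsilon: float = 8 / 255) -> torch.Tensor:
    """One signed-gradient step of size epsilon that increases the loss."""
    x = x.clone().detach().requires_grad_(True)
    loss = F.cross_entropy(model(x), y)
    loss.backward()
    x_adv = x + epsilon * x.grad.sign()    # move each pixel in the direction that raises the loss
    return x_adv.clamp(0.0, 1.0).detach()  # keep the result a valid image in [0, 1]
```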
## Survey
- Adversarial Examples: Attacks and Defenses for Deep Learning, arXiv 2017.
- Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey, arXiv 2018.
## Blog
## General
- Explaining and Harnessing Adversarial Examples
- Decision Boundary Analysis of Adversarial Examples, ICLR 2018.
- Characterizing Adversarial Subspaces Using Local Intrinsic Dimensionality, ICLR 2018.
- Evaluating the Robustness of Neural Networks: An Extreme Value Theory Approach, ICLR 2018.
- Adversarial Spheres, ICLR Workshop 2018.
- Intriguing Properties of Adversarial Examples, ICLR Workshop 2018.
- On the Limitation of Local Intrinsic Dimensionality for Characterizing the Subspaces of Adversarial Examples, ICLR Workshop 2018.
- Analyzing the Robustness of Nearest Neighbors to Adversarial Examples, ICML 2018.
- Adversarial Risk and the Dangers of Evaluating Against Weak Attacks, ICML 2018.
- There Is No Free Lunch In Adversarial Robustness (But There Are Unexpected Benefits), arXiv 2018. Code
## Attacks
### Universal Perturbations
- Universal adversarial perturbations, CVPR 2017.
- Fast feature fool: A data independent approach to universal adversarial perturbations, BMVC 2017.
- Generalizable data-free objective for crafting universal adversarial perturbations, arXiv 2018.
- NAG: Network for Adversary Generation, CVPR 2018.
### One-Pixel Perturbations
- One pixel attack for fooling deep neural networks, arXiv 2017.
- Attacking Convolutional Neural Network using Differential Evolution, arXiv 2018.
- Exploring Adversarial Examples Patterns of One-Pixel Attacks, arXiv 2018.
### General Perturbations
- Adversarial Manipulation of Deep Representations, ICLR 2016. Code
- Adversarial Patch, arXiv 2017.
- Adversarial Examples for Semantic Segmentation and Object Detection, ICCV 2017.
- Adversarial Image Perturbation for Privacy Protection - A Game Theory Perspective, ICCV 2017.
- Adversarial examples in the physical world, ICLR 2017.
- Delving into Transferable Adversarial Examples and Black-box Attacks, ICLR 2017.
- Delving into adversarial attacks on deep policies, ICLR Workshop 2017.
- Adversarial Examples for Semantic Image Segmentation, ICLR Workshop 2017.
- Adversarial Attacks on Neural Network Policies, ICLR Workshop 2017.
- Robustness to Adversarial Examples through an Ensemble of Specialists, ICLR Workshop 2017.
- Art of singular vectors and universal adversarial perturbations, CVPR 2018.
- Boosting Adversarial Attacks With Momentum, CVPR 2018 (see the MI-FGSM sketch after this list).
- Generative Adversarial Perturbations, CVPR 2018.
- Attacking Binarized Neural Networks, ICLR 2018.
- Noisy Networks For Exploration, ICLR 2018.
- Mitigating Adversarial Effects Through Randomization, ICLR 2018.
- Synthetic and Natural Noise Both Break Neural Machine Translation, ICLR 2018.
- Generating Natural Adversarial Examples, ICLR 2018. Code
- Spatially Transformed Adversarial Examples, ICLR 2018.
- Black-box Attacks on Deep Neural Networks via Gradient Estimation, ICLR Workshop 2018.
- Attacking the Madry Defense Model with $L_1$-based Adversarial Examples, ICLR Workshop 2018.
- LaVAN: Localized and Visible Adversarial Noise, ICML 2018.
- Adversarial Attack on Graph Structured Data, ICML 2018.
- Reinforcing Adversarial Robustness using Model Confidence Induced by Adversarial Training, ICML 2018.
- Synthesizing Robust Adversarial Examples, ICML 2018.
- Adversarial Attacks under Restricted Threat Models, ICML 2018.
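The iterative and momentum-based attacks above (e.g., Boosting Adversarial Attacks With Momentum) share the same skeleton: take repeated signed-gradient steps and project back into an epsilon-ball. Below is a minimal PyTorch sketch of MI-FGSM; the step count, epsilon, and gradient normalization are illustrative assumptions rather than the authors' exact settings.

```python
import torch
import torch.nn.functional as F

def mi_fgsm(model, x, y, epsilon=16 / 255, steps=10, mu=1.0):
    """Momentum iterative FGSM: accumulate normalized gradients, step by their sign."""
    alpha = epsilon / steps          # per-step size
    g = torch.zeros_like(x)          # accumulated (momentum) gradient
    x_adv = x.clone().detach()
    for _ in range(steps):
        x_adv.requires_grad_(True)
        loss = F.cross_entropy(model(x_adv), y)
        grad, = torch.autograd.grad(loss, x_adv)
        # Normalize by the per-example L1 norm before accumulating (assumes NCHW image batches).
        g = mu * g + grad / grad.abs().sum(dim=(1, 2, 3), keepdim=True).clamp_min(1e-12)
        x_adv = (x_adv + alpha * g.sign()).detach()
        # Project back into the L-infinity ball around x and the valid pixel range.
        x_adv = torch.min(torch.max(x_adv, x - epsilon), x + epsilon).clamp(0.0, 1.0)
    return x_adv
```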
## Defenses
- Towards Deep Neural Network Architectures Robust to Adversarial Examples, arXiv 2014.
- On Detecting Adversarial Perturbations, arXiv 2017.
- Practical Black-Box Attacks against Machine Learning, AsiaCCS 2017.
- Making Deep Neural Networks Robust to Label Noise: A Loss Correction Approach, CVPR 2017.
- Noise Robust Depth From Focus Using a Ring Difference Filter, CVPR 2017.
- SafetyNet: Detecting and Rejecting Adversarial Examples Robustly, ICCV 2017.
- Adversarial Examples Detection in Deep Networks With Convolutional Filter Statistics, ICCV 2017.
- Universal Adversarial Perturbations Against Semantic Image Segmentation, ICCV 2017.
- Adversarial Machine Learning at Scale, ICLR 2017.
- Early Methods for Detecting Adversarial Images, ICLR 2017.
- Tactics of Adversarial Attack on Deep Reinforcement Learning Agents, ICLR Workshop 2017.
- DeepCloak: Masking Deep Neural Network Models for Robustness Against Adversarial Samples, ICLR Workshop 2017.
- A Theoretical Framework for Robustness of (Deep) Classifiers against Adversarial Samples, ICLR 2017.
- Parseval Networks: Improving Robustness to Adversarial Examples, ICML 2017.
- Adversarial Attacks Against Medical Deep Learning Systems, arXiv 2018.
- On the Robustness of Semantic Segmentation Models to Adversarial Attacks, CVPR 2018.
- Defense Against Adversarial Attacks Using High-Level Representation Guided Denoiser, CVPR 2018.
- Deflecting Adversarial Attacks with Pixel Deflection, CVPR 2018.
- Defense Against Universal Adversarial Perturbations, CVPR 2018.
- Robust Physical-World Attacks on Deep Learning Visual Classification, CVPR 2018.
- Certifying Some Distributional Robustness with Principled Adversarial Training, ICLR 2018.
- Towards Deep Learning Models Resistant to Adversarial Attacks, ICLR 2018 (a PGD adversarial-training sketch follows this list).
- Certified Defenses against Adversarial Examples, ICLR 2018.
- Defense-GAN: Protecting Classifiers Against Adversarial Attacks Using Generative Models, ICLR 2018.
- Ensemble Adversarial Training: Attacks and Defenses, ICLR 2018.
- Countering Adversarial Images using Input Transformations, ICLR 2018.
- Fix your classifier: the marginal value of training the last weight layer, ICLR 2018.
- Robustness of Classifiers to Universal Perturbations: A Geometric Perspective, ICLR 2018.
- PixelDefend: Leveraging Generative Models to Understand and Defend against Adversarial Examples, ICLR 2018.
- Decision-Based Adversarial Attacks: Reliable Attacks Against Black-Box Machine Learning Models, ICLR 2018.
- Stochastic Activation Pruning for Robust Adversarial Defense, ICLR 2018.
- Thermometer Encoding: One Hot Way To Resist Adversarial Examples, ICLR 2018.
- Ensemble Robustness and Generalization of Stochastic Deep Learning Algorithms, ICLR Workshop 2018.
- Provable Defenses against Adversarial Examples via the Convex Outer Adversarial Polytope, ICML 2018.
- Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples, ICML 2018. Code
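Several of the defenses above (e.g., Towards Deep Learning Models Resistant to Adversarial Attacks and Ensemble Adversarial Training) build on adversarial training: minimizing the loss on worst-case perturbed inputs. Below is a minimal PyTorch sketch of one PGD-based training step; the attack hyper-parameters and the eval/train mode handling are assumptions, not the papers' exact recipes.

```python
import torch
import torch.nn.functional as F

def pgd(model, x, y, epsilon=8 / 255, alpha=2 / 255, steps=7):
    """Projected gradient descent within an L-infinity ball around x."""
    x_adv = (x + torch.empty_like(x).uniform_(-epsilon, epsilon)).clamp(0.0, 1.0).detach()
    for _ in range(steps):
        x_adv.requires_grad_(True)
        loss = F.cross_entropy(model(x_adv), y)
        grad, = torch.autograd.grad(loss, x_adv)
        x_adv = (x_adv + alpha * grad.sign()).detach()
        x_adv = torch.min(torch.max(x_adv, x - epsilon), x + epsilon).clamp(0.0, 1.0)
    return x_adv

def adversarial_training_step(model, optimizer, x, y):
    """One optimizer step on adversarial examples generated on the fly."""
    model.eval()                   # one common choice: freeze batch-norm stats while attacking
    x_adv = pgd(model, x, y)
    model.train()
    optimizer.zero_grad()
    loss = F.cross_entropy(model(x_adv), y)
    loss.backward()
    optimizer.step()
    return loss.item()
```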
## Others
- Understanding Deep Neural Networks with Rectified Linear Units, ICLR 2018.
## Competition
- MadryLab challenge of adversarial robustness
- NIPS 2017 Adversarial Attacks and Defenses, Blog, Result, Technical Report
  - NIPS 2017: Non-targeted Adversarial Attack
    - 1st Solution, Boosting Adversarial Attacks with Momentum
    - 2nd Solution, Ensemble Adversarial Training: Attacks and Defenses
    - 5th Solution, BasicIterativeMethod with modification.
    - 9th Solution, Paper, Video
    - 10th Solution, Poster, Video, MMD
    - 11th Solution
    - 14th Solution, PGD attack.
    - 16th Solution, Iterative FGSM with 5 models.
    - 19th Solution
  - NIPS 2017: Targeted Adversarial Attack
    - 1st Solution, Boosting Adversarial Attacks with Momentum
    - 2nd Solution, Ensemble Adversarial Training: Attacks and Defenses
    - 4th Solution, Poster, Video, MMD
    - 5th Solution, Paper, Video
    - 6th Solution, PGD attack and Ensemble.
    - 7th Solution, Iterative attack with 2 models.
    - 9th Solution, iter_target_class with modification.
    - 15th Solution
    - 20th Solution
  - NIPS 2017: Defense Against Adversarial Attack
    - The defense utilizes randomization to defend against adversarial examples (a preprocessing sketch follows this list).
- MCS 2018. Adversarial Attacks on Black Box Face Recognition
- CAAD 2018 Adversarial Attacks and Defenses
  - CAAD 2018: Targeted Adversarial Attack
  - CAAD 2018: Defense Against Adversarial Attack
  - CAAD 2018: Non-targeted Adversarial Attack
  - 1st Solutions
- NIPS 2018 Adversarial Vision Challenge
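The randomization defense noted under the NIPS 2017 defense track (see Mitigating Adversarial Effects Through Randomization) preprocesses each input with a random resize followed by random zero-padding before classification. A minimal PyTorch sketch follows; it assumes square inputs smaller than the output size, and the output size of 331 and nearest-neighbor resize are illustrative assumptions.

```python
import random
import torch
import torch.nn.functional as F

def random_resize_pad(x: torch.Tensor, out_size: int = 331) -> torch.Tensor:
    """Randomly resize a batch of NCHW images, then randomly zero-pad to out_size."""
    h = x.shape[-1]                                  # assumes square images with h < out_size
    new_size = random.randint(h, out_size - 1)       # random intermediate size
    x = F.interpolate(x, size=new_size, mode="nearest")
    pad = out_size - new_size
    left, top = random.randint(0, pad), random.randint(0, pad)
    # F.pad order for 4-D input: (left, right, top, bottom).
    return F.pad(x, (left, pad - left, top, pad - top), value=0.0)

# At inference, classify the randomized input (optionally average logits over several draws):
# logits = model(random_resize_pad(x))
```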
## Useful Packages/Code