Published on Wed Dec 27 2017

Adversarial Patch

Tom B. Brown, Dandelion Mané, Aurko Roy, Martín Abadi, Justin Gilmer

Adversarial patches can be printed, added to any scene, photographed, and presented to image classifiers. Even when the patches are small, they cause the classifiers to ignore the other items in the scene and report a chosen target class.

Abstract

We present a method to create universal, robust, targeted adversarial image patches in the real world. The patches are universal because they can be used to attack any scene, robust because they work under a wide variety of transformations, and targeted because they can cause a classifier to output any target class. These adversarial patches can be printed, added to any scene, photographed, and presented to image classifiers; even when the patches are small, they cause the classifiers to ignore the other items in the scene and report a chosen target class. To reproduce the results from the paper, our code is available at https://github.com/tensorflow/cleverhans/tree/master/examples/adversarial_patch
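The attack works by an expectation-over-transformation optimization: the patch is repeatedly pasted into training images under random placements (and, in the full method, random rotations and scales), and its pixels are updated by gradient ascent on the probability of the chosen target class. The sketch below is a minimal illustrative re-implementation in PyTorch, not the authors' TensorFlow code linked above; the choice of classifier, patch size, the `train_loader` data loader, the target-class index, and the omission of input normalization and rotation/scale transforms are all simplifying assumptions.

```python
# Minimal expectation-over-transformation patch attack sketch (illustrative,
# not the paper's TensorFlow implementation). ImageNet mean/std normalization
# and rotation/scale transforms are omitted for brevity.
import torch
import torch.nn.functional as F
import torchvision

device = "cuda" if torch.cuda.is_available() else "cpu"
model = torchvision.models.resnet50(weights="IMAGENET1K_V1").to(device).eval()
for p in model.parameters():
    p.requires_grad_(False)

target_class = 859   # assumed ImageNet index for "toaster" (the paper's demo target)
patch_size = 64      # patch edge length in pixels (assumption)
patch = torch.rand(3, patch_size, patch_size, device=device, requires_grad=True)
opt = torch.optim.Adam([patch], lr=0.05)

def apply_patch(images, patch):
    """Paste the (clamped) patch at a random location in each image."""
    patched = images.clone()
    _, _, h, w = images.shape
    for i in range(images.size(0)):
        y = torch.randint(0, h - patch_size + 1, (1,)).item()
        x = torch.randint(0, w - patch_size + 1, (1,)).item()
        # Gradients flow back to `patch` through this slice assignment.
        patched[i, :, y:y + patch_size, x:x + patch_size] = patch.clamp(0, 1)
    return patched

# `train_loader` is a hypothetical DataLoader yielding natural images in [0, 1].
for images, _ in train_loader:
    images = images.to(device)
    logits = model(apply_patch(images, patch))
    # Maximize the target-class probability, averaged over random placements.
    targets = torch.full((images.size(0),), target_class, device=device)
    loss = F.cross_entropy(logits, targets)
    opt.zero_grad()
    loss.backward()
    opt.step()
```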

Related Papers

Mon Jan 08 2018
Machine Learning
LaVAN: Localized and Visible Adversarial Noise
Most works on adversarial examples for deep-learning based image classifiers use noise that, while small, covers the entire image. We explore the case where noise is allowed to be visible but confined to a small, localized patch of the image.
Tue Mar 28 2017
Neural Networks
Adversarial Transformation Networks: Learning to Generate Adversarial Examples
We efficiently train feed-forward neural networks in a self-supervised manner to generate adversarial examples against a target network or set of networks. We present methods to train ATNs and analyze their effectiveness targeting a variety of MNIST classifiers.
Tue May 05 2020
Machine Learning
Adversarial Training against Location-Optimized Adversarial Patches
Deep neural networks have been shown to be susceptible to adversarial examples. These are small, imperceptible changes constructed to cause mis-classification in image classifiers. Recent work proposed so-called adversarial patches as an alternative.
Mon Nov 25 2019
Machine Learning
One Man's Trash is Another Man's Treasure: Resisting Adversarial Examples by Adversarial Examples
Modern image classification systems are often built on deep neural networks. They suffer from adversarial examples: images with deliberately crafted, imperceptible noise that misleads the network's classification. To defend against these examples, a plausible idea is to obfuscate the gradient with respect to the input image.
Tue Apr 28 2020
Machine Learning
Minority Reports Defense: Defending Against Adversarial Patches
Deep learning image classification is vulnerable to adversarial attack. We propose a defense against patch attacks based on partially occluding the image around each candidate patch location.
Wed Nov 13 2019
Artificial Intelligence
Adversarial Examples in Modern Machine Learning: A Review
Recent research has found that many families of machine learning models are vulnerable to adversarial examples. These are inputs that are specifically designed to cause the target model to produce erroneous outputs. We explore a variety of adversarial attack methods that apply to image-space content, as well as real-world adversarial attacks.
Thu Jul 27 2017
Machine Learning
Robust Physical-World Attacks on Deep Learning Models
Recent studies show that the state-of-the-art deep neural networks (DNNs) are vulnerable to adversarial examples, resulting from small-magnitude perturbations added to the input. Given that emerging physical systems are using DNNs in safety-critical situations, adversarial examples could mislead these systems and cause dangerous situations.
Sat Dec 20 2014
Machine Learning
Explaining and Harnessing Adversarial Examples
Machine learning models consistently misclassify adversarial examples. We argue that the primary cause of neural networks' vulnerability to adversarial perturbation is their linear nature. This explanation is supported by new quantitative results.
Sat Dec 21 2013
Neural Networks
Intriguing properties of neural networks
Deep neural networks are highly expressive models that have recently achieved state of the art performance on speech and visual recognition tasks. While expressiveness is the reason they succeed, it also causes them to learn uninterpretable solutions.
Tue Oct 24 2017
Machine Learning
One pixel attack for fooling deep neural networks
Recent research has revealed that the output of Deep Neural Networks (DNN) can be easily altered by adding relatively small perturbations to the input vector. In this paper, we analyze an attack in an extremely limited scenario where only one pixel can be modified.
Mon Jun 19 2017
Machine Learning
Towards Deep Learning Models Resistant to Adversarial Attacks
Recent work has demonstrated that deep neural networks are vulnerable to adversarial examples. The existence of adversarial attacks may be an inherent weakness of deep learning models. To address this problem, we study the robustness of neural networks through the lens of robust optimization.
Wed Oct 26 2016
Artificial Intelligence
Universal adversarial perturbations
We show the existence of a universal (image-agnostic) and very small perturbation vector that causes natural images to be misclassified with high probability. We propose a systematic algorithm for computing universal perturbations.
Mon Jun 22 2020
Machine Learning
Perceptual Adversarial Robustness: Defense Against Unseen Threat Models
A key challenge in adversarial robustness is the lack of a precise characterization of human perception. To resolve this issue, we propose adversarial training against the set of all imperceptible adversarial examples, approximated using deep neural networks.
Thu Mar 25 2021
Computer Vision
StyleLess layer: Improving robustness for real-world driving
Deep Neural Networks (DNNs) are a critical component for self-driving vehicles. Robustness to various image disruptions, caused by changing weather conditions or sensor degradation, is crucial for safety when such vehicles are deployed.
Mon Oct 19 2020
Machine Learning
RobustBench: a standardized adversarial robustness benchmark
A key challenge in benchmarking adversarial robustness is that its evaluation is often error-prone. To evaluate the robustness of models for our benchmark, we consider AutoAttack. We also impose some restrictions on the admitted models to rule out defenses that only make gradient-based attacks ineffective without improving actual robustness.
Thu Dec 10 2020
Machine Learning
Robustness and Transferability of Universal Attacks on Compressed Models
Neural network compression methods like pruning and quantization are very effective at efficiently deploying Deep Neural Networks (DNNs) on edge devices. DNNs remain vulnerable to adversarial examples: inconspicuous inputs that are specifically designed to fool these models.
Thu Jun 10 2021
Computer Vision
Deep neural network loses attention to adversarial images
Adversarial algorithms have been shown to be effective against neural networks for a variety of tasks. Some adversarial algorithms minimally perturb all the pixels in an image for the image classification task. However, very little information is available regarding why these adversarial samples exist.
Thu Jan 30 2020
Machine Learning
Tiny noise, big mistakes: Adversarial perturbations induce errors in Brain-Computer Interface spellers
An electroencephalogram (EEG) based brain-computer interface (BCI) speller allows a user to input text to a computer by thought. Most studies so far focused on making EEG-based BCI spellers faster and more reliable. But few have considered their security.