Greedy Attack and Gumbel Attack: Generating Adversarial Examples for Discrete Data

Cited by: 0
Authors
Yang, Puyudi [1 ]
Chen, Jianbo [2 ]
Hsieh, Cho-Jui [3 ]
Wang, Jane-Ling [1 ]
Jordan, Michael, I [2 ,4 ]
Affiliations
[1] Univ Calif Davis, Dept Stat, Davis, CA 95616 USA
[2] Univ Calif Berkeley, Dept Stat, Berkeley, CA 94720 USA
[3] Univ Calif Los Angeles, Dept Comp Sci, Los Angeles, CA 90095 USA
[4] Univ Calif Berkeley, Div Comp Sci, Berkeley, CA 94720 USA
Keywords
Adversarial Attack;
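DOI
Not available
Chinese Library Classification number
TP [Automation Technology, Computer Technology];
Discipline classification code
0812 ;
Abstract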
We present a probabilistic framework for studying adversarial attacks on discrete data. Based on this framework, we derive a perturbation-based method, Greedy Attack, and a scalable learning-based method, Gumbel Attack, that illustrate various tradeoffs in the design of attacks. We demonstrate the effectiveness of these methods using both quantitative metrics and human evaluation on various state-of-the-art models for text classification, including a word-based CNN, a character-based CNN and an LSTM. As an example of our results, we show that the accuracy of character-based convolutional networks drops to the level of random selection by modifying only five characters through Greedy Attack.
Pages: 36
Related papers
50 in total
  • [21] Generating Adversarial Examples With Shadow Model
    Zhang, Rui
    Xia, Hui
    Hu, Chunqiang
    Zhang, Cheng
    Liu, Chao
    Xiao, Fu
    IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS, 2022, 18 (09) : 6283 - 6289
  • [22] TransNoise: Transferable Universal Adversarial Noise for Adversarial Attack
    Wei, Yier
    Gao, Haichang
    Wang, Yufei
    Liu, Huan
    Gao, Yipeng
    Luo, Sainan
    Guo, Qianwen
    ARTIFICIAL NEURAL NETWORKS AND MACHINE LEARNING, ICANN 2023, PT V, 2023, 14258 : 193 - 205
  • [23] Attack and Defense: Adversarial Security of Data-Driven FDC Systems
    Zhuo, Yue
    Yin, Zhenqin
    Ge, Zhiqiang
    IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS, 2023, 19 (01) : 5 - 19
  • [24] Multitask adversarial attack with dispersion amplification
    Haleta, Pavlo
    Likhomanov, Dmytro
    Sokol, Oleksandra
    EURASIP JOURNAL ON INFORMATION SECURITY, 2021, 2021 (01)
  • [25] Multitask adversarial attack with dispersion amplification
    Pavlo Haleta
    Dmytro Likhomanov
    Oleksandra Sokol
    EURASIP Journal on Information Security, 2021
  • [26] Adversarial Attack and Defense in Deep Ranking
    Zhou, Mo
    Wang, Le
    Niu, Zhenxing
    Zhang, Qilin
    Zheng, Nanning
    Hua, Gang
    IEEE TRANSACTIONS ON PATTERN ANALYSIS AND MACHINE INTELLIGENCE, 2024, 46 (08) : 5306 - 5324
  • [27] Graph Adversarial Attack via Rewiring
    Ma, Yao
    Wang, Suhang
    Derr, Tyler
    Wu, Lingfei
    Tang, Jiliang
    KDD '21: PROCEEDINGS OF THE 27TH ACM SIGKDD CONFERENCE ON KNOWLEDGE DISCOVERY & DATA MINING, 2021, : 1161 - 1169
  • [28] Adversarial Attack on Large Scale Graph
    Li, Jintang
    Xie, Tao
    Chen, Liang
    Xie, Fenfang
    He, Xiangnan
    Zheng, Zibin
    IEEE TRANSACTIONS ON KNOWLEDGE AND DATA ENGINEERING, 2023, 35 (01) : 82 - 95
  • [29] Camouflaged Adversarial Attack on Object Detector
    Kim, Jeonghun
    Lee, Kyungmin
    Lee, Hyeongkeun
    Yang, Hunmin
    Oh, Se-Yoon
    2021 21ST INTERNATIONAL CONFERENCE ON CONTROL, AUTOMATION AND SYSTEMS (ICCAS 2021), 2021, : 613 - 617
  • [30] An Adversarial Attack via Penalty Method
    Sun, Jiyuan
    Yu, Haibo
    Zhao, Jianjun
    IEEE ACCESS, 2025, 13 : 18123 - 18140