Symmetric adversarial poisoning against deep learning

Cited by: 0
Author
Chan-Hon-Tong, Adrien [1]
Affiliation
[1] Univ Paris Saclay, ONERA, Palaiseau, France
Source
2020 TENTH INTERNATIONAL CONFERENCE ON IMAGE PROCESSING THEORY, TOOLS AND APPLICATIONS (IPTA) | 2020
Keywords
data poisoning; adversarial examples; deep learning;
DOI
10.1109/ipta50016.2020.9286651
Chinese Library Classification
TP18 [Artificial intelligence theory];
Discipline classification code
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Data poisoning is the task of finding small modifications of training data that make the data no longer suitable for training a targeted model. Recently, an efficient symmetric poisoning attack targeting frozen deep features combined with a support vector machine was found. However, new experiments presented in this paper show that this attack is no longer symmetric on unfrozen/real deep networks. Several extensions of this attack are then considered on CIFAR10/CIFAR100 with both VGG and ResNet backbones, leading to a symmetric attack. In the VGG/CIFAR10 setting, this extended attack shifts performance by -60%/+5% from native accuracy using perturbations invisible to human eyes. Code is available at github.com/achanhon/AdversarialModel.
Pages: 5