Internet Archive Scholar
Filters
























63 Hits in 5.9 sec

Why Do Adversarial Attacks Transfer? Explaining Transferability of Evasion and Poisoning Attacks [article]

Ambra Demontis, Marco Melis, Maura Pintor, Matthew Jagielski, Battista Biggio, Alina Oprea, Cristina Nita-Rotaru, Fabio Roli
2019 arXiv   pre-print

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (2.3 MB)
https://web.archive.org/web/20200831042743/https://arxiv.org/pdf/1809.02861v2.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL. The file type is application/pdf.

Note that this fulltext copy is not of the "primary" version of this work. The version it corresponds to is:

2019 pre-print arXiv:1809.02861v2 fatcat:j7n5wxkmvzgmrh54e3rxc4cy6y

Other Versions

2018 pre-print
arXiv:1809.02861v1 fatcat:jehetdsdkrezbpfor6c6arrymq
2019 pre-print
arXiv:1809.02861v3 fatcat:gagvn5mdazcz7otgl5vqr7a6te
We provide a unifying optimization framework for evasion and poisoning attacks, and a formal definition of transferability of such attacks.  ...  In this paper, we present a comprehensive analysis aimed to investigate the transferability of both test-time evasion and training-time poisoning attacks.  ...  TRANSFERABILITY DEFINITION AND METRICS We discuss here an intriguing connection among transferability of both evasion and poisoning attacks, input gradients and regularization, and highlight the factors  ... 
arXiv:1809.02861v4 fatcat:mndeutlpmjdwrghudt54spnj5q
Multiple Versions
Citation

Ambra Demontis, Marco Melis, Maura Pintor, Matthew Jagielski, Battista Biggio, Alina Oprea, Cristina Nita-Rotaru, Fabio Roli. "Why Do Adversarial Attacks Transfer? Explaining Transferability of Evasion and Poisoning Attacks." arXiv (2019)

TrojanZoo: Towards Unified, Holistic, and Practical Evaluation of Neural Backdoors [article]

Ren Pang, Zheng Zhang, Xiangshan Gao, Zhaohan Xi, Shouling Ji, Peng Cheng, Ting Wang
2022 arXiv   pre-print

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (2.4 MB)
https://web.archive.org/web/20220324210252/https://arxiv.org/pdf/2012.09302v3.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL. The file type is application/pdf.

Other Versions

2020 pre-print
arXiv:2012.09302v1 fatcat:gddqrajq7nfblcqehwsz6oddii
2020 pre-print
arXiv:2012.09302v2 fatcat:k32d2tlzyfh7nllbzl5ijtocdm
, evasiveness, and transferability of attacks).  ...  Neural backdoors represent one primary threat to the security of deep learning systems. The intensive research has produced a plethora of backdoor attacks/defenses, resulting in a constant arms race.  ...  Any opinions, findings, and conclusions or recommendations are those of the authors and do not necessarily reflect the views of the National Science Foundation. X.  ... 
arXiv:2012.09302v3 fatcat:6blygw2fhnhc7ctltlkhi3wqcq
Multiple Versions
Citation

Ren Pang, Zheng Zhang, Xiangshan Gao, Zhaohan Xi, Shouling Ji, Peng Cheng, Ting Wang. "TrojanZoo: Towards Unified, Holistic, and Practical Evaluation of Neural Backdoors." arXiv (2022)

The Threat of Adversarial Attacks on Machine Learning in Network Security – A Survey [article]

Olakunle Ibitoye, Rana Abou-Khamis, Ashraf Matrawy, M. Omair Shafiq
2020 arXiv   pre-print

Preserved Fulltext

Web Archive Capture PDF (5.3 MB)
https://web.archive.org/web/20201009120734/https://arxiv.org/pdf/1911.02621v2.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL. The file type is application/pdf.

Other Versions

2019 pre-print
arXiv:1911.02621v1 fatcat:zkzgklbemreqdpxgbfbkf4lgzi
In what could be considered an arms race between attackers and defenders, adversaries constantly probe machine learning systems with inputs which are explicitly designed to bypass the system and induce  ...  First, we classify adversarial attacks in network security based on a taxonomy of network security applications.  ...  The iteration in the algorithm is based on gradient direction, step size, and boundary search. 2) Poisoning Attacks: A poisoning attack also known as causative attack, uses direct or indirect means to  ... 
arXiv:1911.02621v2 fatcat:p7mgj65wavee3op6as5lufwj3q
Open Access Multiple Versions
Citation

Olakunle Ibitoye, Rana Abou-Khamis, Ashraf Matrawy, M. Omair Shafiq. "The Threat of Adversarial Attacks on Machine Learning in Network Security – A Survey." arXiv (2020)

Graph Backdoor [article]

Zhaohan Xi, Ren Pang, Shouling Ji, Ting Wang
2021 arXiv   pre-print

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (2.4 MB)
https://web.archive.org/web/20210812182923/https://arxiv.org/pdf/2006.11890v5.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL. The file type is application/pdf.

Other Versions

2020 pre-print
arXiv:2006.11890v2 fatcat:cmzpv72pqfcsxm3sairt37cw54
2021 pre-print
arXiv:2006.11890v4 fatcat:5z5gchc245ddnpsoobmval2tla
2020 pre-print
arXiv:2006.11890v1 fatcat:4ih4dlbczjbhjc55scxt4kcwji
2021 pre-print
arXiv:2006.11890v3 fatcat:sczfxgvqtbfcvgc2ss7pxss5ku
One intriguing property of deep neural networks (DNNs) is their inherent vulnerability to backdoor attacks -- a trojan model responds to trigger-embedded inputs in a highly predictable manner while functioning  ...  design spectrum for the adversary; input-tailored -- it dynamically adapts triggers to individual graphs, thereby optimizing both attack effectiveness and evasiveness; downstream model-agnostic -- it  ...  Figure 6 : 6 Impact of trigger size n trigger on the attack effectiveness and evasiveness of GTA against off-the-shelf models.  ... 
arXiv:2006.11890v5 fatcat:cmq2hrqgyre3bjww6tp4dfxtqu
Open Access Multiple Versions
Citation

Zhaohan Xi, Ren Pang, Shouling Ji, Ting Wang. "Graph Backdoor." arXiv (2021)

Towards Security Threats of Deep Learning Systems: A Survey [article]

Yingzhe He and Guozhu Meng and Kai Chen and Xingbo Hu and Jinwen He
2020 arXiv   pre-print

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (1.3 MB)
https://web.archive.org/web/20201029232341/https://arxiv.org/pdf/1911.12562v2.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL. The file type is application/pdf.

Other Versions

2019 pre-print
arXiv:1911.12562v1 fatcat:c4f4gfi5inglfgdn2wx666mwxi
In particular, we focus on four types of attacks associated with security threats of deep learning: model extraction attack, model inversion attack, poisoning attack and adversarial attack.  ...  In order to unveil the security weaknesses and aid in the development of a robust deep learning system, we undertake an investigation on attacks towards deep learning, and analyze these attacks to conclude  ...  and regularization terms, and so on.  ... 
arXiv:1911.12562v2 fatcat:m3lyece44jgdbp6rlcpj6dz2gm
Multiple Versions
Citation

Yingzhe He and Guozhu Meng and Kai Chen and Xingbo Hu and Jinwen He. "Towards Security Threats of Deep Learning Systems: A Survey." arXiv (2020)

A Survey on Adversarial Attack in the Age of Artificial Intelligence

Zixiao Kong, Jingfeng Xue, Yong Wang, Lu Huang, Zequn Niu, Feng Li, Weizhi Meng
2021 Wireless Communications and Mobile Computing  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (1.0 MB)
https://web.archive.org/web/20210623093857/https://downloads.hindawi.com/journals/wcmc/2021/4907754.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL. The file type is application/pdf.

Facing the increasingly complex neural network model, this paper focuses on the fields of image, text, and malicious code and focuses on the adversarial attack classifications and methods of these three  ...  Then, we introduce the concepts, types, and hazards of adversarial attack. Finally, we review the typical attack algorithms and defense techniques in each application area.  ...  Conflicts of Interest The authors declare that there is no conflict of interest regarding the publication of this paper.  ... 
doi:10.1155/2021/4907754 fatcat:rm6xcf6ryrh6ngro4sl5ifprgy
DOAJ
Citation

Zixiao Kong, Jingfeng Xue, Yong Wang, Lu Huang, Zequn Niu, Feng Li, Weizhi Meng. "A Survey on Adversarial Attack in the Age of Artificial Intelligence." Wireless Communications and Mobile Computing (2021) 1-22

BinarizedAttack: Structural Poisoning Attacks to Graph-based Anomaly Detection [article]

Yulin Zhu, Yuni Lai, Kaifa Zhao, Xiapu Luo, Mingquan Yuan, Jian Ren, Kai Zhou
2022 arXiv   pre-print

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (1.4 MB)
https://web.archive.org/web/20210709045803/https://arxiv.org/pdf/2106.09989v4.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL. The file type is application/pdf.

Note that this fulltext copy is not of the "primary" version of this work. The version it corresponds to is:

2021 pre-print arXiv:2106.09989v4 fatcat:3uflj4ch5vd4fndo2zcd2fn6pa

Other Versions

2021 pre-print
arXiv:2106.09989v3 fatcat:7nyfchm2j5hnxmhlznfwr4jl6e
2021 pre-print
arXiv:2106.09989v2 fatcat:p2od7lxzf5fbllyui5ms4aijyy
2021 pre-print
arXiv:2106.09989v1 fatcat:4kd54kw2v5d7dawv6pkzu2frdm
We propose a novel attack method termed BinarizedAttack based on gradient descent.  ...  transfer attack setting, BinarizedAttack is also tested effective and in particular, can significantly change the node embeddings learned by the GAD systems.  ...  Attack Transferability We follow the procedure in Section VI-B to conduct transfer attacks against GAL and ReFeX on Bitcoin-Alpha and Wikivote.  ... 
arXiv:2106.09989v5 fatcat:gye6nrb46rce7gupsz5ds6yw34
Open Access Multiple Versions
Citation

Yulin Zhu, Yuni Lai, Kaifa Zhao, Xiapu Luo, Mingquan Yuan, Jian Ren, Kai Zhou. "BinarizedAttack: Structural Poisoning Attacks to Graph-based Anomaly Detection." arXiv (2022)

Advances in adversarial attacks and defenses in computer vision: A survey [article]

Naveed Akhtar, Ajmal Mian, Navid Kardan, Mubarak Shah
2021 arXiv   pre-print

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (5.7 MB)
https://web.archive.org/web/20210906192640/https://arxiv.org/pdf/2108.00401v2.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL. The file type is application/pdf.

Other Versions

2021 pre-print
arXiv:2108.00401v1 fatcat:qyt5rborkrghjjyxcdphwwdpoi
In [2], we reviewed the contributions made by the computer vision community in adversarial attacks on deep learning (and their defenses) until the advent of year 2018.  ...  Finally, this article discusses challenges and future outlook of this direction based on the literature reviewed herein and [2].  ...  They introduced a Skip Gradient Method (SGM) that relies on the gradient flow from skip connections to compute more transferable examples for the models that employ skip connections. X.  ... 
arXiv:2108.00401v2 fatcat:23gw74oj6bblnpbpeacpg3hq5y
Multiple Versions
Citation

Naveed Akhtar, Ajmal Mian, Navid Kardan, Mubarak Shah. "Advances in adversarial attacks and defenses in computer vision: A survey." arXiv (2021)

A Survey on Poisoning Attacks Against Supervised Machine Learning [article]

Wenjun Qiu
2022 arXiv   pre-print

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (317.0 kB)
https://web.archive.org/web/20220210080359/https://arxiv.org/pdf/2202.02510v2.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL. The file type is application/pdf.

Other Versions

2022 pre-print
arXiv:2202.02510v1 fatcat:o4liepissvdchauvqb33p4f4ie
With the rise of artificial intelligence and machine learning in modern computing, one of the major concerns regarding such techniques is to provide privacy and security against adversaries.  ...  We conclude this paper with potential improvements and future directions to further exploit and prevent poisoning attacks on supervised models.  ...  ACKNOWLEDGEMENTS We thank Baochun Li for helpful feedback on this manuscript.  ... 
arXiv:2202.02510v2 fatcat:7er7bkeivjdqhnvtmqi44rqdfq
Open Access Multiple Versions
Citation

Wenjun Qiu. "A Survey on Poisoning Attacks Against Supervised Machine Learning." arXiv (2022)

Adversarial Learning in Statistical Classification: A Comprehensive Review of Defenses Against Attacks [article]

David J. Miller, Zhen Xiang, George Kesidis
2019 arXiv   pre-print

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (1.6 MB)
https://web.archive.org/web/20200914053629/https://arxiv.org/pdf/1904.06292v3.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL. The file type is application/pdf.

Other Versions

2019 pre-print
arXiv:1904.06292v1 fatcat:s3f5aflanvdijflr7dcaport6m
2019 pre-print
arXiv:1904.06292v2 fatcat:gcb5hnk5vjgzvnqjtpnow6zuj4
After introducing relevant terminology and the goals and range of possible knowledge of both attackers and defenders, we survey recent work on test-time evasion (TTE), data poisoning (DP), and reverse  ...  We also discuss attacks on the privacy of training data. We then present benchmark comparisons of several defenses against TTE, RE, and backdoor DP attacks on images.  ...  ACKNOWLEDGMENT The authors would like to acknowledge research contributions of their student Yujia Wang, which were helpful in the development of this paper.  ... 
arXiv:1904.06292v3 fatcat:dguztg5w5neirgggg5irh6doci
Multiple Versions
Citation

David J. Miller, Zhen Xiang, George Kesidis. "Adversarial Learning in Statistical Classification: A Comprehensive Review of Defenses Against Attacks." arXiv (2019)

TRS: Transferability Reduced Ensemble via Encouraging Gradient Diversity and Model Smoothness [article]

Zhuolin Yang, Linyi Li, Xiaojun Xu, Shiliang Zuo, Qian Chen, Benjamin Rubinstein, Pan Zhou, Ce Zhang, Bo Li
2021 arXiv   pre-print

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (8.2 MB)
https://web.archive.org/web/20211113210637/https://arxiv.org/pdf/2104.00671v2.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL. The file type is application/pdf.

Other Versions

2021 pre-print
arXiv:2104.00671v1 fatcat:kj6ruhp2tze6bcuzff2gehesra
We conduct extensive experiments on TRS and compare with 6 state-of-the-art ensemble baselines against 8 whitebox attacks on different datasets, demonstrating that the proposed TRS outperforms all baselines  ...  We also provide the lower and upper bounds of adversarial transferability under certain conditions.  ...  Acknowledgments and Disclosure of Funding This work is partially supported by the NSF grant No.1910100, NSF CNS 20-46726 CAR, the Amazon Research Award, and the joint CATCH MURI-AUSMURI.  ... 
arXiv:2104.00671v2 fatcat:qaea2rjyefdrthmfv3dyv5przy
Multiple Versions
Citation

Zhuolin Yang, Linyi Li, Xiaojun Xu, Shiliang Zuo, Qian Chen, Benjamin Rubinstein, Pan Zhou, Ce Zhang, Bo Li. "TRS: Transferability Reduced Ensemble via Encouraging Gradient Diversity and Model Smoothness." arXiv (2021)

Adversarial Attack and Defense on Graph Data: A Survey [article]

Lichao Sun, Yingtong Dou, Carl Yang, Ji Wang, Philip S. Yu, Lifang He, Bo Li
2020 arXiv   pre-print

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (471.5 kB)
https://web.archive.org/web/20200717163302/https://arxiv.org/pdf/1812.10528v3.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL. The file type is application/pdf.

Other Versions

2018 pre-print
arXiv:1812.10528v1 fatcat:ylhaj7iv6rbkjet6tqbc3lqoim
2020 pre-print
arXiv:1812.10528v2 fatcat:frij5wuf25hcxgx5jyaq3fp6f4
Though there are several works studying adversarial attack and defense strategies on domains such as images and natural language processing, it is still difficult to directly transfer the learned knowledge  ...  Moreover, we also compare different attacks and defenses on graph data and discuss their corresponding contributions and limitations.  ...  [99] suggested to train an attack-aware GCN based on ground-truth poisoned links generated by Nettack [145] and transfer the ability to assign small attention weights to poisoned links based on meta-learning  ... 
arXiv:1812.10528v3 fatcat:5eiqm6f7xzdltc5klvef44jghe
Multiple Versions
Citation

Lichao Sun, Yingtong Dou, Carl Yang, Ji Wang, Philip S. Yu, Lifang He, Bo Li. "Adversarial Attack and Defense on Graph Data: A Survey." arXiv (2020)

Intriguing Properties of Adversarial ML Attacks in the Problem Space [article]

Fabio Pierazzi, Feargus Pendlebury, Jacopo Cortellazzi, Lorenzo Cavallaro
2020 arXiv   pre-print

Preserved Fulltext

Web Archive Capture PDF (1.7 MB)
https://web.archive.org/web/20200320215116/https://arxiv.org/pdf/1911.02142v2.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL. The file type is application/pdf.

Other Versions

2019 pre-print
arXiv:1911.02142v1 fatcat:zrjy4dmd4ndotppznxj7xvfbue
Recent research efforts on adversarial ML have investigated problem-space attacks, focusing on the generation of real evasive objects in domains where, unlike images, there is no clear inverse mapping  ...  First, we propose a novel formalization for adversarial ML evasion attacks in the problem-space, which includes the definition of a comprehensive set of constraints on available transformations, preserved  ...  ACKNOWLEDGEMENTS We thank the anonymous reviewers and our shepherd, Nicolas Papernot, for their constructive feedback, as well as Battista Biggio, Konrad Rieck, and Erwin Quiring for feedback on early  ... 
arXiv:1911.02142v2 fatcat:fioc4k5eczf2toexvneuetxnhi
Multiple Versions
Citation

Fabio Pierazzi, Feargus Pendlebury, Jacopo Cortellazzi, Lorenzo Cavallaro. "Intriguing Properties of Adversarial ML Attacks in the Problem Space." arXiv (2020)

Adversarial Attacks against Face Recognition: A Comprehensive Study

Fatemeh Vakhshiteh, Ahmad Nickabadi, Raghavendra Ramachandra
2021 IEEE Access  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (1.5 MB)
https://web.archive.org/web/20210718032241/https://ieeexplore.ieee.org/ielx7/6287639/6514899/09464957.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL. The file type is application/pdf.

In this article, we present a comprehensive survey on adversarial attacks against FR systems and elaborate on the competence of new countermeasures against them.  ...  Further, we propose a taxonomy of existing attack and defense methods based on different criteria.  ...  [89] concentrated on the poisoning attack design, Komkov and Petiushko [80] focused on the evasion purpose of paper sticker projection on the hats, and Dabouei et al.  ... 
doi:10.1109/access.2021.3092646 fatcat:7cj5z57wxvcbvjmckifkobraoq
DOAJ
Citation

Fatemeh Vakhshiteh, Ahmad Nickabadi, Raghavendra Ramachandra. "Adversarial Attacks against Face Recognition: A Comprehensive Study." IEEE Access (2021) 1-1

Adversarial Attacks against Face Recognition: A Comprehensive Study [article]

Fatemeh Vakhshiteh, Ahmad Nickabadi, Raghavendra Ramachandra
2021 arXiv   pre-print

Preserved Fulltext

Web Archive Capture PDF (812.2 kB)
https://web.archive.org/web/20200725020204/https://arxiv.org/ftp/arxiv/papers/2007/2007.11709.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL. The file type is application/pdf.

Note that this fulltext copy is not of the "primary" version of this work. The version it corresponds to is:

2020 pre-print arXiv:2007.11709v1 fatcat:gj2er5yhxzbovijg4zyulfpkp4

Other Versions

2021 pre-print
arXiv:2007.11709v2 fatcat:qecmr7qsjfc65dnnphf3xzxopy
Further, we propose a taxonomy of existing attack and defense methods based on different criteria. We compare attack methods on the orientation and attributes and defense approaches on the category.  ...  In this article, we present a comprehensive survey on adversarial attacks against FR systems and elaborate on the competence of new countermeasures against them.  ...  They noticed the high attack transferability and high query-free black-box attack success rate of this approach on a real-world face verification platform.  ... 
arXiv:2007.11709v3 fatcat:jfhcxj6hp5esvcclf2dsehfad4
Multiple Versions
Citation

Fatemeh Vakhshiteh, Ahmad Nickabadi, Raghavendra Ramachandra. "Adversarial Attacks against Face Recognition: A Comprehensive Study." arXiv (2021)

« Previous Showing results 1 — 15 out of 63 results