Internet Archive Scholar

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples [article]

Anish Athalye, Nicholas Carlini, David Wagner
2018 arXiv   pre-print

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (414.8 kB)
https://web.archive.org/web/20200824185551/https://arxiv.org/pdf/1802.00420v4.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL. The file type is application/pdf.

Other Versions

2018 pre-print
arXiv:1802.00420v3 fatcat:mpnwuv5sfzgxrf6nm653zwytey
2018 pre-print
arXiv:1802.00420v1 fatcat:xbrfddf2qndt3b7tgi47is2w24
2018 pre-print
arXiv:1802.00420v2 fatcat:s2zshvklmnhr7as2jdlsh4wtke
We identify obfuscated gradients, a kind of gradient masking, as a phenomenon that leads to a false sense of security in defenses against adversarial examples. While defenses that cause obfuscated gradients appear to defeat iterative optimization-based attacks, we find defenses relying on this effect can be circumvented. We describe characteristic behaviors of defenses exhibiting the effect, and for each of the three types of obfuscated gradients we discover, we develop attack techniques to
more » ... come it. In a case study, examining non-certified white-box-secure defenses at ICLR 2018, we find obfuscated gradients are a common occurrence, with 7 of 9 defenses relying on obfuscated gradients. Our new attacks successfully circumvent 6 completely, and 1 partially, in the original threat model each paper considers.
arXiv:1802.00420v4 fatcat:xtvtcfgyunbfdlp6kfp5k6gfke
Multiple Versions
Citation

Anish Athalye, Nicholas Carlini, David Wagner. "Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples." arXiv (2018)