Adversarial Attacks

“My Wife and My Mother-In-Law”

Creating adversarial attacks

  • drops the probability pᵢ(x) the most for the ground-truth label i, while
  • increasing pⱼ(x) the most for a wrong label j (or for a specific target label j).

Why adversarial attacks succeed so easily

(Figure: pockets of adversarial samples vs. adversarial samples along a plane)

Fast gradient sign method (FGSM)

Targeted fast gradient sign method (T-FGSM)

Basic iterative method (BIM)/Projected Gradient Descent (PGD)


Model Linearity


The momentum iterative fast gradient sign method (MI-FGSM)


Jacobian-based Saliency Map Attack (JSMA)

DeepFool


Carlini and Wagner Attacks


Universal adversarial attack

Adversarial training


Defensive distillation


Gradient masking


Black box attacks


Adversarial Example Detector

Denoiser

(Figure: the denoiser is applied to the adversarial input x* to produce the denoised image x̂.)

Randomization


Penalize Layers’ Lipschitz Constant


GAN


Effectiveness of the Defenses


Other applications


Credits & references
