Beating Attackers At Their Own Games: Adversarial Example Detection Using Adversarial Gradient Directions

Authors

Abstract

Adversarial examples are inputs that are specifically crafted to deceive machine learning classifiers. State-of-the-art adversarial example detection methods characterize an input example as adversarial either by quantifying the magnitude of feature variations under multiple perturbations or by measuring its distance from an estimated benign distribution. Instead of using such metrics, the proposed method is based on the observation that the directions of adversarial gradients when crafting (new) adversarial examples play a key role in characterizing the adversarial space. Compared to methods that use multiple perturbations, it is efficient because it only applies a single random perturbation to the input example. Experiments conducted on two different databases, CIFAR-10 and ImageNet, show that the method achieves, respectively, 97.9% and 98.6% AUC-ROC (on average) across five attacks, and outperforms state-of-the-art methods. The results demonstrate the effectiveness of adversarial gradient directions for adversarial example detection.


Related resources

Adversarial Leakage in Games

While the minimax strategy has become the standard, and most agreed-upon solution for decision-making in adversarial settings, as discussed in game theory, computer science and other disciplines, its power arises from the use of mixed strategies, aka probabilistic algorithms. Nevertheless, in adversarial settings we face the risk of information leakage about the actual strategy instantiation. H...


Adversarial Patrolling Games

Defender-Attacker Stackelberg games are the foundations of tools deployed for computing optimal patrolling strategies in adversarial domains such as the United States Federal Air Marshals Service and the United States Coast Guard, among others. In Stackelberg game models of these systems the attacker knows only the probability that each target is covered by the defender, but is oblivious to the...


Adversarial Hierarchical-Task Network Planning for Real-Time Adversarial Games

Real-time strategy (RTS) games are hard from an AI point of view because they have enormous state spaces, combinatorial branching factors, allow simultaneous and durative actions, and players have very little time to choose actions. For these reasons, standard game tree search methods such as alpha-beta search or Monte Carlo Tree Search (MCTS) are not sufficient by themselves to handle these gam...


Adversarial Texts with Gradient Methods

Adversarial samples for images have been extensively studied in the literature. Among many of the attacking methods, gradient-based methods are both effective and easy to compute. In this work, we propose a framework to adapt the gradient attacking methods on images to text domain. The main difficulties for generating adversarial texts with gradient methods are: (i) the input space is discrete,...


Journal

Journal title: Proceedings of the ... AAAI Conference on Artificial Intelligence

Year: 2021

ISSN: ['2159-5399', '2374-3468']

DOI: https://doi.org/10.1609/aaai.v35i4.16404