{"title":"Analyzing the Robustness of Deep Learning Against Adversarial Examples","authors":"Jun Zhao","doi":"10.1109/ALLERTON.2018.8636048","DOIUrl":null,"url":null,"abstract":"Recent studies have shown the vulnerability of many deep learning algorithms to adversarial examples, which an attacker obtains by adding subtle perturbation to benign inputs in order to cause misbehavior of deep learning. For instance, an attacker can add carefully selected noise to a panda image so that the resulting image is still a panda to a human being but is predicted as a gibbon by the deep learning algorithm. As a first step to propose effective defense mechanisms against such adversarial examples, we analyze the robustness of deep learning against adversarial examples. Specifically, we prove a strict lower bound for the minimum $\\ell_{p}$ distortion of a data point to obtain an adversarial example.","PeriodicalId":299280,"journal":{"name":"2018 56th Annual Allerton Conference on Communication, Control, and Computing (Allerton)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 56th Annual Allerton Conference on Communication, Control, and Computing (Allerton)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ALLERTON.2018.8636048","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Analyzing the Robustness of Deep Learning Against Adversarial Examples
Recent studies have shown the vulnerability of many deep learning algorithms to adversarial examples, which an attacker obtains by adding subtle perturbation to benign inputs in order to cause misbehavior of deep learning. For instance, an attacker can add carefully selected noise to a panda image so that the resulting image is still a panda to a human being but is predicted as a gibbon by the deep learning algorithm. As a first step to propose effective defense mechanisms against such adversarial examples, we analyze the robustness of deep learning against adversarial examples. Specifically, we prove a strict lower bound for the minimum $\ell_{p}$ distortion of a data point to obtain an adversarial example.