Adversarial Machine Learning Papers

Papers about Adversarial Machine Learning.

(Not to be confused with Generative Adversarial Networks, GANs.)

The FIRST Paper

In this paper, the authors first noticed the existence of adversarial examples in image classification applications.

  • L-BFGS : Intriguing properties of neural networks, 2013, [ paper ]

Introduction and Analysis

  • Adversarial Machine Learning, 2011, [ paper ]
  • Adversarial examples in the physical world
  • Exploring the space of adversarial images
  • Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods, Nicholas Carlini & David Wagner, [ code ], [paper]
  • Analysis of classifiers' robustness to adversarial perturbations, Machine Learning, [ paper ]
  • Adversarial Machine Learning at Scale, ICLR 2017, [ paper ]
  • Adversarial Examples for Generative Models
  • Transferability in Machine Learning: from Phenomena to Black-Box Attacks using Adversarial Samples
  • The Space of Transferable Adversarial Examples
  • Adversarial Examples that Fool both Human and Computer Vision
  • Taxonomy of adversaries against DNN classifiers : The Limitations of Deep Learning in Adversarial Settings, [ paper ]

Survey

  • Adversarial Examples: Attacks and Defenses for Deep Learning, 2018, [ paper ]
  • Towards the Science of Security and Privacy in Machine Learning, Patrick McDaniel
  • Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey, 2018, CoRR, [ paper ]
  • Speech Recognition System : Adversarial Examples for Automatic Speech Recognition: Attacks and Countermeasures

Attacks

In this category, the attacker launches an attack against a classifier model, typically trained with a CNN or another machine learning algorithm. A typical attack adds a small perturbation directly to the input matrix (or image) and feeds the result to the target classifier, which then produces a different (incorrect) classification result, as in the sketch below.
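
To make the perturbation idea concrete, below is a minimal FGSM-style sketch (see the FGSM entry in the list). It assumes a PyTorch classifier; the function name, the epsilon value, and the [0, 1] pixel range are illustrative assumptions, not code released with any of the listed papers.

```python
# Minimal FGSM-style sketch (illustrative only; assumes a PyTorch classifier).
# The attacker adds a small, gradient-aligned perturbation to the input so that
# the model's prediction changes while the image looks almost identical.
import torch
import torch.nn.functional as F

def fgsm_attack(model, x, y, epsilon=0.03):
    """Craft adversarial examples for an input batch x with true labels y."""
    x_adv = x.clone().detach().requires_grad_(True)
    loss = F.cross_entropy(model(x_adv), y)      # loss w.r.t. the true labels
    loss.backward()                              # gradient of the loss w.r.t. the input
    x_adv = x_adv + epsilon * x_adv.grad.sign()  # step that increases the loss
    return x_adv.clamp(0.0, 1.0).detach()        # keep pixels in a valid range
```

Feeding the returned batch back into the same model typically yields a different (incorrect) prediction, which is exactly the attack scenario described above.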

  • FGSM : Explaining and Harnessing Adversarial Examples
  • Black box Attack : Practical Black-Box Attacks against Machine Learning
  • CW-Attack : Towards Evaluating the Robustness of Neural Networks, Nicholas Carlini & David Wagner, [ paper ]
  • Traffic Light : Fooling Vision and Language Models Despite Localization and Attention Mechanism, CVPR 2018
  • Hack ICLR 2018 : Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples
  • Deep neural networks are easily fooled: High confidence predictions for unrecognizable images
  • Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning, Chang Liu, [ paper ]
  • Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning, Oakland '18, Chang Liu, [ paper ]
  • Delving into Transferable Adversarial Examples and Black-box Attacks, ICLR '17, [ paper ]
  • Shielding Google's language toxicity model against adversarial attacks , [ paper ]
  • Generating Adversarial Examples with Adversarial Networks, Dawn Song, [ paper ]
  • Spatially Transformed Adversarial Examples, Dawn Song, [ paper]
  • Adversarial Deep Learning for Robust Detection of Binary Encoded Malware, [ paper ]
  • Black box Attack : Black-box Generation of Adversarial Text Sequences to Evade Deep Learning Classifiers, [ paper]
  • traffic sign : Robust Physical-World Attacks on Deep Learning Models
  • Adversarial Perturbations Against Deep Neural Networks for Malware Classification
  • Automatically Evading Classifiers: A Case Study on PDF Malware Classifiers
  • Defensive distillation is not robust to adversarial examples
  • R+FGSM : Ensemble Adversarial Training: Attacks and Defenses, [ paper ]
  • PGD : Towards Deep Learning Models Resistant to Adversarial Attacks
  • Adversarial Patch, NIPS 2017, [ paper ]
  • DeepFool : DeepFool: a simple and accurate method to fool deep neural networks

Attacks using Visible Patterns

  • Adversarial Patch

Attacks against Face Recognition System

In this category, the attacker focuses on a face recognition system (such as Face++), aiming to make the classifier misclassify the input face or fail to detect a face at all.

  • Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face Recognition
  • Invisible Mask: Practical Attacks on Face Recognition with Infrared
  • High Dimensional Spaces, Deep Learning and Adversarial Examples, [ paper ]

Attacks against Speech Recognition System

  • Adversarial Attacks Against Automatic Speech Recognition Systems via Psychoacoustic Hiding, NDSS 2019
  • Adversarial Generative Nets: Neural Network Attacks on State-of-the-Art Face Recognition , [ paper ]
  • Speech : Did you hear that? Adversarial Examples Against Automatic Speech Recognition, [ paper ]
  • Speech : Audio Adversarial Examples: Targeted Attacks on Speech-to-Text, [ paper ] (white-box, targeted attack, directed input)
  • Adversarial Vulnerability of Neural Networks Increases With Input Dimension , [ paper ]
  • Speech : DolphinAttack: Inaudible Voice Commands

Attacks against Malware Detection

  • Evading Classifiers by Morphing in the Dark, black-box attack
  • Adversarial examples for malware detection
  • Automated poisoning attacks and defenses in malware detection systems: An adversarial machine learning approach, 2018, Computers & Security, [ paper ]
  • Adversarially Robust Malware Detection Using Monotonic Classification, CODASPY 2018, [ paper ]
  • Adversarial Training Methods for Semi-Supervised Text Classification , ICLR 2017, [ paper ]

Attacks against NLP System

  • TextBugger: Generating Adversarial Text Against Real-world Applications, NDSS'19, [ paper ]

Defenses

In this category, defensive techniques are proposed. The ways to defend against adversarial examples vary; some typical defense approaches are listed below (a small code sketch follows the list):

  • Detecting adversarial examples
  • Increasing the robustness of the classifier (especially neural networks)
  • Adding a pre-processing step before feeding samples into the classifier
  • etc.
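
To illustrate the pre-processing idea (third bullet), here is a minimal sketch that randomly resizes and pads each input before classification, in the spirit of the randomization defense listed under Papers. It assumes PyTorch image batches of square images no larger than the output size; the function names and sizes are illustrative assumptions, not code from any listed paper.

```python
# Illustrative pre-processing defense sketch (assumes PyTorch image batches of
# shape [N, C, H, W], square, with H = W <= out_size; sizes are assumptions).
import random
import torch
import torch.nn.functional as F

def randomized_preprocess(x, out_size=331):
    """Randomly resize the batch, then zero-pad it to out_size x out_size."""
    new_size = random.randint(x.shape[-1], out_size)  # random intermediate size
    x = F.interpolate(x, size=new_size, mode="bilinear", align_corners=False)
    pad = out_size - new_size
    left, top = random.randint(0, pad), random.randint(0, pad)
    # F.pad on a 4-D tensor pads the last two dims: (left, right, top, bottom).
    return F.pad(x, (left, pad - left, top, pad - top))

def defended_predict(model, x):
    # The random transformation is applied at inference time, so the attacker
    # cannot precisely anticipate the input the classifier will actually see.
    return model(randomized_preprocess(x)).argmax(dim=1)
```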

Papers:

  • Detecting Adversarial Examples in Deep Networks with Adaptive Noise Reduction, detecting, 2018
  • SafetyNet: Detecting and Rejecting Adversarial Examples Robustly
  • Improving the Robustness of Deep Neural Networks via Stability Training
  • Efficient Defenses Against Adversarial Attacks
  • Distillation as a Defense to Adversarial Perturbations Against Deep Neural Networks
  • MagNet: a Two-Pronged Defense against Adversarial Examples
  • Hardening Deep Neural Networks via Adversarial Model Cascades, [ paper ]
  • On Detecting Adversarial Perturbations, ICLR 2017, [paper]
  • Defence : Mitigating Adversarial Effects Through Randomization, defends by randomly padding/resizing/perturbing (denoising) the input
  • Robust Linear Regression Against Training Data Poisoning, AISec@CCS 17 , [ paper ]