Papers about Adversarial Machine Learning.
(Not to be confused with Generative Adversarial Networks, GANs.)
In the first paper below, the authors first noticed the existence of adversarial examples in image classification.
- L-BFGS : Intriguing properties of neural networks, 2013, [ paper ]
- Adversarial Machine Learning, 2011, [ paper ]
- Adversarial examples in the physical world
- Exploring the space of adversarial images
- Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods, Nicholas Carlini & David Wagner, [ code ], [paper]
- Analysis of classifiers' robustness to adversarial perturbations, Machine Learning , [ paper]
- Adversarial Machine Learning at Scale, ICLR 2017,[ paper ]
- Adversarial Examples for Generative Models
- Transferability in Machine Learning: from Phenomena to Black-Box Attacks using Adversarial Samples
- The Space of Transferable Adversarial Examples
- Adversarial Examples that Fool both Human and Computer Vision
- Taxonomy of adversaries against DNN classifiers : The Limitations of Deep Learning in Adversarial Settings, [ paper ]
- Adversarial Examples: Attacks and Defenses for Deep Learning, 2018, [ paper ],
- Towards the Science of Security and Privacy in Machine Learning, Patrick McDaniel
- Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey , 2018 ,CoRR, [ paper ]
- Speech Recognition System: Adversarial Examples for Automatic Speech Recognition : Attacks and Countermeasures
In this category, the attacker typically launches an attack against a classifier model trained with a CNN or another machine learning algorithm. A typical attack adds a small perturbation directly to the input matrix (or image) and feeds it into the target classifier, which then returns a different (incorrect) classification result.
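As a minimal sketch of this kind of perturbation attack, the snippet below implements one-step FGSM (the first attack listed below). It assumes a differentiable PyTorch classifier `model`, inputs scaled to [0, 1], and an illustrative budget `epsilon`; the names and defaults are assumptions for illustration, not taken from any paper's reference code.

```python
import torch
import torch.nn.functional as F

def fgsm_attack(model, x, y, epsilon=8 / 255):
    """One-step FGSM: perturb x in the direction that increases the classification loss."""
    x = x.clone().detach().requires_grad_(True)
    loss = F.cross_entropy(model(x), y)           # loss w.r.t. the true labels y
    loss.backward()
    x_adv = x + epsilon * x.grad.sign()           # signed-gradient step of size epsilon
    return torch.clamp(x_adv, 0.0, 1.0).detach()  # keep pixels in a valid range
```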
- FGSM : Explaining and Harnessing Adversarial Examples
- Substitute Model (black box) : Practical Black-Box Attacks against Machine Learning
- CW-Attack : Towards Evaluating the Robustness of Neural Networks, Nicholas Carlini & David Wagner, [ paper ]
- Traffic Light : Fooling Vision and Language Models Despite Localization and Attention Mechanism , CVPR 2018
- Hack ICLR 2018 : Obfuscated Gradients Give a False Sense of Security : Circumventing Defenses to Adversarial Examples
- Deep neural networks are easily fooled: High confidence predictions for unrecognizable images
- Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning, Chang Liu, [ paper ]
- Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning , Oakland '18 ,Chang Liu, [ paper ]
- Delving into Transferable Adversarial Examples and Black-box Attacks, ICLR '17, [ paper ]
- Shielding Google's language toxicity model against adversarial attacks , [ paper ]
- Generating Adversarial Examples with Adversarial Networks, Dawn Song, [ paper ]
- Spatially Transformed Adversarial Examples, Dawn Song, [ paper]
- Adversarial Deep Learning for Robust Detection of Binary Encoded Malware, [ paper ]
- Black box Attack : Black-box Generation of Adversarial Text Sequences to Evade Deep Learning Classifiers, [ paper]
- Black box Attack : Delving into Transferable Adversarial Examples and Black-box Attacks
- traffic sign : Robust Physical-World Attacks on Deep Learning Models
- Adversarial Perturbations Against Deep Neural Networks for Malware Classification
- Automatically Evading Classifiers: A Case Study on PDF Malware Classifiers
- Defensive distillation is not robust to adversarial examples
- R+FGSM : Ensemble Adversarial Training: Attacks and Defenses [ paper]
- PGD : Towards Deep Learning Models Resistant to Adversarial Attacks
- Adversarial Patch NIPS 2017 : [ paper ]
- DeepFool : DeepFool: a simple and accurate method to fool deep neural networks
In this category, the attacker focuses on a face recognition system (such as Face++), aiming to make the classifier misclassify the input face or fail to detect a face at all.
- Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face Recognition
- Invisible Mask: Practical Attacks on Face Recognition with Infrared
- High Dimensional Spaces, Deep Learning and Adversarial Examples, [ paper ]
- Adversarial Attacks Against Automatic Speech Recognition Systems via Psychoacoustic Hiding, NDSS 2019
- Adversarial Generative Nets: Neural Network Attacks on State-of-the-Art Face Recognition , [ paper ]
- Speech : Did you hear that? Adversarial Examples Against Automatic Speech Recognition, [ paper ]
- Speech : Audio Adversarial Examples: Targeted Attacks on Speech-to-Text, [ paper ] (white box, targeted attack, directed input)
- Adversarial Vulnerability of Neural Networks Increases With Input Dimension , [ paper ]
- Speech : DolphinAttack: Inaudible Voice Commands
- Evading Classifiers by Morphing in the Dark, black-box attack
- Adversarial examples for malware detection
- Automated poisoning attacks and defenses in malware detection systems: An adversarial machine learning approach, 2018 , Computers & Security, [ paper]
- Adversarially Robust Malware Detection Using Monotonic Classification,CODASPY 2018, [ paper ]
- Adversarial Training Methods for Semi-Supervised Text Classification , ICLR 2017, [ paper ]
- TextBugger: Generating Adversarial Text Against Real-world Applications, NDSS '19, [ paper ]
In this category, defensive techniques are proposed. The ways to defend against adversarial examples vary; some typical defense methods are listed:
- Detecting adversarial examples
- Increasing the robustness of the classifier (especially neural networks)
- Adding a pre-processing step before feeding samples into the classifier (see the sketch after this list)
- etc.
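As an illustration of the pre-processing line of defense, below is a minimal sketch of input randomization in the spirit of "Mitigating adversarial effects through randomization" (listed below). The function name, size range, and padding scheme are illustrative assumptions, not the paper's reference code.

```python
import random
import torch.nn.functional as F

def random_resize_and_pad(x, out_size=331, min_size=299):
    """Randomly resize an image batch, then zero-pad it to a fixed size,
    so a perturbation crafted for the exact input geometry no longer lines up."""
    new_size = random.randint(min_size, out_size - 1)
    x = F.interpolate(x, size=(new_size, new_size), mode="nearest")
    pad = out_size - new_size
    left, top = random.randint(0, pad), random.randint(0, pad)
    # F.pad on a 4-D tensor pads (left, right, top, bottom) of the last two dims.
    return F.pad(x, (left, pad - left, top, pad - top), value=0.0)

# The randomized input is then fed to the unmodified classifier, e.g.:
# logits = model(random_resize_and_pad(images))
```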
Papers:
- Detecting Adversarial Examples in Deep Networks with Adaptive Noise Reduction, detecting, 2018
- SafetyNet: Detecting and Rejecting Adversarial Examples Robustly
- Improving the Robustness of Deep Neural Networks via Stability Training
- Efficient Defenses Against Adversarial Attacks
- Distillation as a Defense to Adversarial Perturbations Against Deep Neural Networks
- MagNet: a Two-Pronged Defense against Adversarial Examples
- Hardening Deep Neural Networks via Adversarial Model Cascades, [ paper ]
- On Detecting Adversarial Perturbations, ICLR 2017, [paper]
- Defense : Mitigating adversarial effects through randomization, defends by randomly padding/resizing/perturbing (denoising) the input
- Robust Linear Regression Against Training Data Poisoning, AISec@CCS 17 , [ paper ]