Adversarial_Learning_Paper

Paper Collection of Adversarial Machine Learning


Adversarial Machine Learning Paper

Papers about Adversarial Machine Learning.

(Not to be confused with Generative Adversarial Networks, GANs.)

The FIRST Paper

In this paper, the authors first observed the existence of adversarial examples in image classification.

  • L-BFGS : Intriguing properties of neural networks, 2013, [ paper ]

Introduction and Analysis

  • Adversarial Machine Learning, 2011, [ paper ]
  • Adversarial examples in the physical world
  • Exploring the space of adversarial images
  • Analysis of classifiers robustness to adversarial perturbations
  • Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods, Nicholas Carlini & David Wagner, [ code ], [ paper ]
  • Analysis of classifiers' robustness to adversarial perturbations, Machine Learning, [ paper ]
  • Adversarial Machine Learning at Scale, ICLR 2017, [ paper ]
  • Adversarial Examples for Generative Models
  • Transferability in Machine Learning: from Phenomena to Black-Box Attacks using Adversarial Samples
  • The Space of Transferable Adversarial Examples
  • Adversarial Examples that Fool both Human and Computer Vision
  • Taxonomy of adversaries against DNN classifiers? : The Limitations of Deep Learning in Adversarial Settings, [ paper ]

Survey

  • Adversarial Examples: Attacks and Defenses for Deep Learning, 2018, [ paper ]
  • Towards the Science of Security and Privacy in Machine Learning, Patrick McDaniel
  • Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey, 2018, CoRR, [ paper ]
  • Speech Recognition System : Adversarial Examples for Automatic Speech Recognition: Attacks and Countermeasures

Attacks

In this category, the authors usually launch an attack against a classifier model trained with a CNN or another machine learning algorithm. A typical attack adds a small perturbation directly to the input matrix (or image) and feeds it to the target classifier, which then returns a different (wrong) classification result.

  • FGSM : Explaining and Harnessing Adversarial Examples
  • RAND + FGSM : Practical Black-Box Attacks against Machine Learning
  • CW-Attack : Towards Evaluating the Robustness of Neural Networks, Nicholas Carlini & David Wagner, [ paper ]
  • Traffic Light : Fooling Vision and Language Models Despite Localization and Attention Mechanism, CVPR 2018
  • Hack ICLR 2018 : Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples
  • Deep neural networks are easily fooled: High confidence predictions for unrecognizable images
  • Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning, Chang Liu, [ paper ]
  • Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning, Oakland '18, Chang Liu, [ paper ]
  • Delving into Transferable Adversarial Examples and Black-box Attacks, ICLR '17, [ paper ]
  • Shielding Google's language toxicity model against adversarial attacks, [ paper ]
  • Generating Adversarial Examples with Adversarial Networks, Dawn Song, [ paper ]
  • Spatially Transformed Adversarial Examples, Dawn Song, [ paper ]
  • Adversarial Deep Learning for Robust Detection of Binary Encoded Malware, [ paper ]
  • Black box Attack : Black-box Generation of Adversarial Text Sequences to Evade Deep Learning Classifiers, [ paper ]
  • Black box Attack : Delving into Transferable Adversarial Examples and Black-box Attacks
  • Traffic sign : Robust Physical-World Attacks on Deep Learning Models
  • Adversarial Perturbations Against Deep Neural Networks for Malware Classific
  • Automatically Evading Classifiers: A Case Study on PDF Malware Classifiers
  • Defensive distillation is not robust to adversarial examples
  • R+FGSM : Ensemble Adversarial Training: Attacks and Defenses, [ paper ]
  • PGD : Towards Deep Learning Models Resistant to Adversarial Attacks
  • Adversarial Patch : NIPS 2017, [ paper ]
  • DeepFool : DeepFool: a simple and accurate method to fool deep neural networks

Attacks using Visible Pattern

  • Adversarial Patch

Attacks against Face Recognition System

In this category, the attacker targets a face recognition system (such as Face++) to make the classifier misclassify the input face or fail to detect any face at all.

  • Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face Recognition
  • Invisible Mask: Practical Attacks on Face Recognition with Infrared
  • High Dimensional Spaces, Deep Learning and Adversarial Examples, [ paper ]

Attack against Speech Recognition System

  • Adversarial Attacks Against Automatic Speech Recognition Systems via Psychoacoustic Hiding, NDSS 2019
  • Adversarial Generative Nets: Neural Network Attacks on State-of-the-Art Face Recognition, [ paper ]
  • Speech : Did you hear that? Adversarial Examples Against Automatic Speech Recognition, [ paper ]
  • Speech : * Audio Adversarial Examples: Targeted Attacks on Speech-to-Text, [ paper ] (white box, targeted attack, directed input)
  • Adversarial Vulnerability of Neural Networks Increases With Input Dimension, [ paper ]
  • Speech : DolphinAttack: Inaudible Voice Commands

Attacks against Malware Detection

  • Evading Classifiers by Morphing in the Dark, black-box attack
  • Adversarial examples for malware detection
  • Automated poisoning attacks and defenses in malware detection systems: An adversarial machine learning approach, 2018, Computers & Security, [ paper ]
  • Adversarially Robust Malware Detection Using Monotonic Classification, CODASPY 2018, [ paper ]
  • Adversarial Training Methods for Semi-Supervised Text Classification, ICLR 2017, [ paper ]

Attacks against NLP System

  • TextBugger: Generating Adversarial Text Against Real-world Applications, NDSS '19, [ paper ]

Defenses

In this category, defensive techniques are proposed. The ways to defend against adversarial examples vary; some typical defense methods are:

  • Detecting adversarial examples
  • Increasing the robustness of the classifier (especially neural networks)
  • Adding a pre-processing step before feeding samples into the classifier
  • etc.

Papers:

  • Detecting Adversarial Examples in Deep Networks with Adaptive Noise Reduction, detection, 2018
  • SafetyNet: Detecting and Rejecting Adversarial Examples Robustly
  • Improving the Robustness of Deep Neural Networks via Stability Training
  • Efficient Defenses Against Adversarial Attacks
  • Distillation as a Defense to Adversarial Perturbations Against Deep Neural Networks
  • MagNet: a Two-Pronged Defense against Adversarial Examples
  • Hardening Deep Neural Networks via Adversarial Model Cascades, [ paper ]
  • On Detecting Adversarial Perturbations, ICLR 2017, [ paper ]
  • Defence : Mitigating Adversarial Effects Through Randomization, defends by randomly padding/resizing/perturbing the input (denoising)
  • Robust Linear Regression Against Training Data Poisoning, AISec@CCS 17, [ paper ]
Related Projects