ABSTRACT
Studying the vulnerability of machine learning models to adversarial examples is an important way to understand their robustness and generalization properties. In this paper, we propose a genetic algorithm for generating adversarial examples for machine learning models. Such an approach is able to find adversarial examples without access to the model's parameters: it only needs to query the model's outputs. Different models are tested, including both deep and shallow neural network architectures. We show that RBF networks and SVMs with RBF kernels tend to be rather robust and not prone to misclassification of adversarial examples.
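The black-box search the abstract describes, as an added example that is not the paper's code: a small genetic algorithm that evolves a bounded perturbation of an input using nothing but the victim model's predicted probabilities. The victim is a constructed logistic model standing in for any classifier that exposes predictions; the `oracle()`, `evaluate()` and `genetic_attack()` names, the fitness function (drop in true-class confidence minus a distortion penalty), the per-feature budget `eps` and the GA hyperparameters are assumptions made for this illustration, not the paper's settings.

```python
"""Query-only genetic attack on a classifier (illustrative, not the paper's code).

The attacker never reads model parameters; every fitness evaluation is one
call to oracle(), which is the only interface the victim exposes.
"""
import math
import random

# Constructed stand-in for the victim: a 2-class logistic model on 8 features.
# These weights are hidden from the attack, which only calls oracle().
_WEIGHTS = [0.9, -0.4, 0.7, 0.2, -0.8, 0.5, 0.3, -0.6]
_BIAS = -0.1


def oracle(x):
    """Black-box interface: return P(class 1 | x). This is all the attacker sees."""
    z = sum(w * xi for w, xi in zip(_WEIGHTS, x)) + _BIAS
    return 1.0 / (1.0 + math.exp(-z))


def label_from_prob(p1):
    return 1 if p1 >= 0.5 else 0


def evaluate(x0, delta, true_label, lam):
    """One oracle query. Returns (fitness, flipped, l2_distortion).

    Fitness rewards lowering the model's confidence in the true class and
    penalises the L2 size of the perturbation, so the search prefers small edits.
    """
    x = [a + d for a, d in zip(x0, delta)]
    p1 = oracle(x)
    p_true = p1 if true_label == 1 else 1.0 - p1
    dist = math.sqrt(sum(d * d for d in delta))
    flipped = label_from_prob(p1) != true_label
    return (1.0 - p_true) - lam * dist, flipped, dist


def genetic_attack(x0, true_label, pop_size=40, generations=300, eps=0.5,
                   sigma=0.1, lam=0.1, elite=4, seed=0):
    """Evolve a perturbation delta with |delta_i| <= eps that flips the oracle's label.

    Elitism + tournament selection + uniform crossover + Gaussian mutation;
    the budget eps is enforced by clipping after every mutation. Returns the
    least-distorted label flip found and the number of oracle queries spent.
    """
    rng = random.Random(seed)
    n = len(x0)

    def clip(v):
        return max(-eps, min(eps, v))

    pop = [[clip(rng.gauss(0.0, sigma)) for _ in range(n)] for _ in range(pop_size)]
    best_adv = None  # (distortion, delta) of the smallest label flip seen so far
    queries = 0

    for _ in range(generations):
        scored = []
        for delta in pop:
            fit, flipped, dist = evaluate(x0, delta, true_label, lam)
            queries += 1
            scored.append((fit, delta))
            if flipped and (best_adv is None or dist < best_adv[0]):
                best_adv = (dist, list(delta))
        scored.sort(key=lambda t: t[0], reverse=True)
        ranked = [d for _, d in scored]  # index 0 is the fittest

        next_pop = [list(d) for d in ranked[:elite]]  # elitism keeps the best intact
        while len(next_pop) < pop_size:
            # tournament of 3: the lowest rank index wins
            pa = ranked[min(rng.sample(range(pop_size), 3))]
            pb = ranked[min(rng.sample(range(pop_size), 3))]
            child = [a if rng.random() < 0.5 else b for a, b in zip(pa, pb)]
            child = [clip(c + rng.gauss(0.0, sigma)) if rng.random() < 0.3 else c
                     for c in child]
            next_pop.append(child)
        pop = next_pop

    if best_adv is None:
        return {"success": False, "queries": queries}
    dist, delta = best_adv
    adv = [a + d for a, d in zip(x0, delta)]
    queries += 1
    return {"success": True, "adversarial": adv, "delta": delta,
            "l2_distortion": dist, "queries": queries,
            "oracle_label": label_from_prob(oracle(adv))}


if __name__ == "__main__":
    # Constructed clean input; the stand-in model labels it class 0.
    x0 = [-0.3, 0.3, -0.3, 0.0, 0.3, -0.3, 0.0, 0.3]
    print("clean label:", label_from_prob(oracle(x0)))
    print(genetic_attack(x0, true_label=0))
```

Swapping `oracle()` for any other model's predict-proba function (an RBF network, an RBF-kernel SVM, a deep network) is the only change needed to repeat the search against a different model family; comparing the distortion and query counts at which each model's label first flips is how a robustness comparison of the kind the abstract reports would be run.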
Evolutionary generation of adversarial examples for deep and shallow machine learning models