Tom Cruise has gone viral on the popular video-sharing app TikTok, but the clips featuring the 'Mission: Impossible' star are deepfakes that experts are calling the 'most alarmingly lifelike examples' of the technology. An account dubbed 'deeptomcruise' appeared on the app last week, posting videos that depict Cruise doing a magic trick, playing golf, and reminiscing about the time he met the former President of the Soviet Union. The series of clips had been viewed more than 11 million times on TikTok as of Tuesday, with many millions more views on other social media platforms. Although the clips are for entertainment, experts warn that such content 'should worry us': as 'seeing is no longer believing' rhetoric spreads, it undermines trust even in real video.
This paper addresses the challenging black-box adversarial attack problem, where only the classification confidence of the victim model is available. Motivated by the consistency of visual saliency across different vision models, a surrogate model is used to improve attack performance via transferability. By combining transferability-based and query-based black-box attacks, we propose a surprisingly simple baseline approach (named SimBA++) that uses the surrogate model and significantly outperforms several state-of-the-art methods. Moreover, to use query feedback efficiently, we update the surrogate model with a novel learning scheme, named High-Order Gradient Approximation (HOGA): by constructing a high-order gradient computation graph, we update the surrogate model to approximate the victim model in both the forward and backward passes. Together, SimBA++ and HOGA yield the Learnable Black-Box Attack (LeBA), which surpasses the previous state of the art by considerable margins: LeBA significantly reduces the number of queries while maintaining attack success rates close to 100% in extensive ImageNet experiments, including attacks on standard vision models and defended models. Code is open source at https://github.com/TrustworthyDL/LeBA.
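The query-based half of the approach builds on the SimBA idea: repeatedly perturb the input along simple directions and keep a perturbation only when the victim's reported confidence drops. The following is a minimal sketch of that loop under stated assumptions — the `confidence_fn` victim, the pixel-basis directions, and the toy logistic model are all illustrative stand-ins, not the paper's actual SimBA++ (which additionally uses surrogate-model gradients and the HOGA update).

```python
import numpy as np

def simba_attack(confidence_fn, x, epsilon=0.2, max_queries=200, rng=None):
    """SimBA-style loop: try one random pixel direction per step and keep
    the perturbation only if the victim's confidence in the true class drops."""
    rng = rng or np.random.default_rng(0)
    x_adv = x.copy()
    best = confidence_fn(x_adv)          # current confidence in the true class
    queries = 0
    for d in rng.permutation(x.size):    # random order over pixel directions
        if queries >= max_queries:
            break
        for step in (+epsilon, -epsilon):
            candidate = x_adv.copy()
            candidate.flat[d] = np.clip(candidate.flat[d] + step, 0.0, 1.0)
            queries += 1
            conf = confidence_fn(candidate)
            if conf < best:              # keep only confidence-reducing steps
                x_adv, best = candidate, conf
                break
    return x_adv, best, queries

# Toy "victim": a fixed logistic score over the flattened input (illustrative only).
w = np.linspace(-1.0, 1.0, 16)
victim = lambda x: 1.0 / (1.0 + np.exp(-w @ x.ravel()))

x0 = np.full((4, 4), 0.5)
x_adv, conf, q = simba_attack(victim, x0)
```

After the loop, `conf` is strictly below the victim's initial confidence on `x0`; the surrogate model in SimBA++ would be used to propose better directions than this uniform pixel basis.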
Alexey Kurakin, Ian Goodfellow, Samy Bengio, Yinpeng Dong, Fangzhou Liao, Ming Liang, Tianyu Pang, Jun Zhu, Xiaolin Hu, Cihang Xie, Jianyu Wang, Zhishuai Zhang, Zhou Ren, Alan Yuille, Sangxia Huang, Yao Zhao, Yuzhe Zhao, Zhonglin Han, Junjiajia Long, Yerkebulan Berdibekov, Takuya Akiba, Seiya Tokui, Motoki Abe
To accelerate research on adversarial examples and robustness of machine learning classifiers, Google Brain organized a NIPS 2017 competition that encouraged researchers to develop new methods to generate adversarial examples as well as to develop new ways to defend against them. In this chapter, we describe the structure and organization of the competition and the solutions developed by several of the top-placing teams.