defense method
Constructing Unrestricted Adversarial Examples with Generative Models
Adversarial examples are typically constructed by perturbing an existing data point within a small matrix norm, and current defense methods are focused on guarding against this type of attack. In this paper, we propose a new class of adversarial examples that are synthesized entirely from scratch using a conditional generative model, without being restricted to norm-bounded perturbations. We first train an Auxiliary Classifier Generative Adversarial Network (AC-GAN) to model the class-conditional distribution over data samples. Then, conditioned on a desired class, we search over the AC-GAN latent space to find images that are likely under the generative model and are misclassified by a target classifier. We demonstrate through human evaluation that these new kind of adversarial images, which we call Generative Adversarial Examples, are legitimate and belong to the desired class. Our empirical results on the MNIST, SVHN, and CelebA datasets show that generative adversarial examples can bypass strong adversarial training and certified defense methods designed for traditional adversarial attacks.
SampDetox: Black-box Backdoor Defense via Perturbation-based Sample Detoxification Y anxin Y ang
MLaaS are limited by their reliance on training samples or white-box model analysis, highlighting the need for a black-box backdoor purification method.
- Information Technology > Security & Privacy (1.00)
- Transportation (0.70)
- Government (0.67)
Setting the Trap: Capturing and Defeating Backdoors in Pretrained Language Models through Honeypots Ruixiang T ang
In the field of natural language processing, the prevalent approach involves fine-tuning pretrained language models (PLMs) using local samples.
Mitigating Backdoor Attack by Injecting Proactive Defensive Backdoor
In addition, we introduce a reversible mapping to determine the defensive target label.
- Research Report > New Finding (1.00)
- Research Report > Experimental Study (0.93)
Uncovering, Explaining, and Mitigating the Superficial Safety of Backdoor Defense
However, Does achieving a low ASR through current safety purification methods truly eliminate learned backdoor features from the pretraining phase? In this paper, we provide an affirmative answer to this question by thoroughly investigating the Post-Purification Robustness of current backdoor purification methods.
- Europe > Latvia > Lubāna Municipality > Lubāna (0.04)
- North America > United States > Pennsylvania (0.04)
- Asia > China > Hong Kong (0.04)
- Research Report > New Finding (1.00)
- Research Report > Experimental Study (0.93)
c24cd76e1ce41366a4bbe8a49b02a028-AuthorFeedback.pdf
We thank the reviewers [R1, R2, R3] for their valuable and constructive comments. We are glad that all of them1 appreciate the novelty of the proposed metric learning approach for adversarial robustness.
Constructing Unrestricted Adversarial Examples with Generative Models
Yang Song, Rui Shu, Nate Kushman, Stefano Ermon
To mitigate the threat of adversarial examples, a large number of methods have been developed.
- North America > United States > California > Santa Clara County > Palo Alto (0.04)
- North America > Canada > Quebec > Montreal (0.04)
TrainingwithMoreConfidence: MitigatingInjected andNaturalBackdoorsDuringTraining
Researchers find that DNNs trained on benign data and settings can also learn backdoor behaviors, which is known as the natural backdoor.
