 invisibility



GreedyFool: Distortion-Aware Sparse Adversarial Attack

Neural Information Processing Systems

Modern deep neural networks (DNNs) are vulnerable to adversarial samples. Sparse adversarial samples are a special branch of adversarial samples that can fool the target model by only perturbing a few pixels. The existence of the sparse adversarial attack points out that DNNs are much more vulnerable than people believed, which is also a new aspect for analyzing DNNs. However, current sparse adversarial attack methods still have some shortcomings on both sparsity and invisibility. In this paper, we propose a novel two-stage distortion-aware greedy-based method dubbed "GreedyFool". Specifically, it first selects the most effective candidate positions to modify by considering both the gradient (for adversary) and the distortion map (for invisibility), then drops some less important points in the reduce stage. Experiments demonstrate that compared with the state-of-the-art method, we only need to modify 3 times fewer pixels under the same sparse perturbation setting. For target attack, the success rate of our method is 9.96% higher than the state-of-the-art method under the same pixel budget.



Considering Conference Contributions

Communications of the ACM

Saurabh Bagchi Everything You Always Wanted to Know About PCs, But Were Afraid to Ask https://bit.ly/4e4JoAx Okay, PCs in the title could be Political Correctness or Personal Computers or even Peace Corps. It stands for Program Committees. As researchers, in academia or industry, we often are asked to serve on Program Committees of conferences in our fields of expertise. Serving on PCs signals one is a good citizen of our global technical village and has its own altruistic rewards.



A Dual Stealthy Backdoor: From Both Spatial and Frequency Perspectives

arXiv.org Artificial Intelligence

Backdoor attacks pose serious security threats to deep neural networks (DNNs). Backdoored models make arbitrarily (targeted) incorrect predictions on inputs embedded with well-designed triggers while behaving normally on clean inputs. Many works have explored the invisibility of backdoor triggers to improve attack stealthiness. However, most of them only consider the invisibility in the spatial domain without explicitly accounting for the generation of invisible triggers in the frequency domain, making the generated poisoned images easily detected by recent defense methods. To address this issue, in this paper, we propose a DUal stealthy BAckdoor attack method named DUBA, which simultaneously considers the invisibility of triggers in both the spatial and frequency domains, to achieve desirable attack performance, while ensuring strong stealthiness. Specifically, we first use Discrete Wavelet Transform to embed the high-frequency information of the trigger image into the clean image to ensure attack effectiveness. Then, to attain strong stealthiness, we incorporate Fourier Transform and Discrete Cosine Transform to mix the poisoned image and clean image in the frequency domain. Moreover, the proposed DUBA adopts a novel attack strategy, in which the model is trained with weak triggers and attacked with strong triggers to further enhance the attack performance and stealthiness. We extensively evaluate DUBA against popular image classifiers on four datasets. The results demonstrate that it significantly outperforms the state-of-the-art backdoor attacks in terms of the attack success rate and stealthiness.


Dispersed Pixel Perturbation-based Imperceptible Backdoor Trigger for Image Classifier Models

arXiv.org Artificial Intelligence

Typical deep neural network (DNN) backdoor attacks are based on triggers embedded in inputs. Existing imperceptible triggers are computationally expensive or low in attack success. In this paper, we propose a new backdoor trigger, which is easy to generate, imperceptible, and highly effective. The new trigger is a uniformly randomly generated three-dimensional (3D) binary pattern that can be horizontally and/or vertically repeated and mirrored and superposed onto three-channel images for training a backdoored DNN model. Dispersed throughout an image, the new trigger produces weak perturbation to individual pixels, but collectively holds a strong recognizable pattern to train and activate the backdoor of the DNN. We also analytically reveal that the trigger is increasingly effective with the improving resolution of the images. Experiments are conducted using the ResNet-18 and MLP models on the MNIST, CIFAR-10, and BTSR datasets. In terms of imperceptibility, the new trigger outperforms existing triggers, such as BadNets, Trojaned NN, and Hidden Backdoor, by over an order of magnitude. The new trigger achieves an almost 100% attack success rate, only reduces the classification accuracy by less than 0.7%-2.4%, and invalidates the state-of-the-art defense techniques.


The Ghost Work Behind Artificial Intelligence

#artificialintelligence

An expert on how data and algorithms are changing work responds to Janelle Shane's "The Skeleton Crew." "The Skeleton Crew" asks us to consider two questions. The first is an interesting twist on an age-old thought experiment. But the second is more complicated, because the story invites us to become aware of a very real phenomenon and to consider what, if anything, should be done about the way the world is working for some people. The first question explores what it would mean if our machines, robots, and now artificial intelligences had feelings the way we do. "The Skeleton Crew" offers an interesting twist because the A.I. indeed has feelings just like us, because it is, in fact, us: The A.I. is a group of remote workers faking the operations of a haunted house to make it seem automated and intelligent.


The Ghost Work Behind Artificial Intelligence

Slate

An expert on how data and algorithms are changing work responds to Janelle Shane's "The Skeleton Crew." "The Skeleton Crew" asks us to consider two questions. The first is an interesting twist on an age-old thought experiment. But the second is more complicated, because the story invites us to become aware of a very real phenomenon and to consider what, if anything, should be done about the way the world is working for some people. The first question explores what it would mean if our machines, robots, and now artificial intelligences had feelings the way we do. "The Skeleton Crew" offers an interesting twist because the A.I. indeed has feelings just like us, because it is, in fact, us: The A.I. is a group of remote workers faking the operations of a haunted house to make it seem automated and intelligent.


Scientists May Have Found the Secret to Invisibility

#artificialintelligence

Invisibility is no longer science fiction. Researchers have developed a unique light wave that, when beamed through an object, makes the object appear invisible to cameras and even the human eye. The backstory: If you think invisibility cloaks are only for wizards, think again. Scientists have been trying to solve this challenge since long before Dumbledore bestowed the hallow cloak upon Harry Potter, and invisibility tech is for real. With the tricks of the camera, scientists can capture pictures of what's behind an object, then project them onto the object's surface, making it seem to disappear.