papers in adversarial machine learning — computer vision

Know thy enemy: classifying attackers with adversarial fingerprinting

Posted by Dillon Niederhut on

In threat intelligence, you want to know the characteristics of possible adversaries. In the world of machine learning, this could mean keeping a database of "fingerprints" of known attacks, and using these to inform real time defense strategies if your inference system comes under attack. Would you like to know more?



Steganalysis based detection of adversarial attacks

Posted by Dillon Niederhut on

Training adversarially robust machine learning models can be expensive. Instead, you can use a set of steganalysis approaches to detect malicious inputs before they hit your model. This reduces the cost of deployment and training while still promoting AI safety.



What if adversarial defenses just need more JPEG?

Posted by Dillon Niederhut on

Adversarial patterns are specially crafted image perturbations that trick models into producing incorrect outputs. Applying JPEG compression to the inputs of a computer vision model can effectively "smear" out adversarial perturbations, making it more difficult to successfully launch an adversarial attack.



Anti-adversarial examples: what to do if you want to be seen?

Posted by Dillon Niederhut on

Most uses of adversarial machine learning involve attacking or bypassing a computer vision system that someone else has designed. However, you can use the same tools to generate "unadversarial" examples that give machine learning models much better performance when deployed in real life.



We're not so different, you and I: adversarial attacks are poisonous training samples

Posted by Dillon Niederhut on

Data poisoning is when someone adds small changes to a training dataset so that any model trained on those data misbehaves. An effective heuristic approach is to generate adversarial examples and use them as the poisoned samples. The authors show that this degrades model accuracy to below random-chance performance.
