papers in adversarial machine learning

With more and more deep learning models being trained from public data, there is a risk of poisoned data being fed to these models during training. Here, we talk about one approach to constructing poisoned training data to attack deep learning models.

What if we could print an adversarial attack that evades detection by computer algorithms on the clothes you wear every day? This turns out to be a hard problem, because of the way fabric folds and shifts. Luckily, you can modify an attack training algorithm to incorporate that very behavior -- giving you your own adversarial t-shirt.

Adversarial patches showed a lot promise in 2017 for confusing object detection algorithms -- by making bananas look like a toaster. But what if you want the bananas to disappear? This blog post summarizes a 2019 paper showing how an adversarial patch can conduct an evasion attack, to avoid detection at all.

Adding small pixel changes won't be a successful adversarial attack in real life, because those changes get lost in lighting/shadows/dust on the camera lens. A newer technique -- adversarial patches -- provides a method for fooling object detection algorithms that are deployed in the real world.

You might not be aware of something very interesting -- that the big fancy neural networks that companies like Google and Facebook use inside their products are actually quite easy to fool. Here's how it works.