Gradient Concealment: Free Lunch for Defending Adversarial Attacks
- URL: http://arxiv.org/abs/2205.10617v1
- Date: Sat, 21 May 2022 15:02:56 GMT
- Title: Gradient Concealment: Free Lunch for Defending Adversarial Attacks
- Authors: Sen Pei, Jiaxi Sun, Xiaopeng Zhang, Gaofeng Meng
- Abstract summary: We propose a plug-and-play layer that is training-free, concealing the vulnerable direction of gradient while guaranteeing the classification accuracy during the inference time.
GCM reports superior defense results on the ImageNet classification benchmark, improving top-1 attack robustness (AR) by up to 63.41% when faced with adversarial inputs.
We use GCM in the CVPR 2022 Robust Classification Challenge, currently achieving 2nd place in Phase II with only a tiny version of ConvNext.
- Score: 18.98319703484334
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Recent studies show that deep neural networks (DNNs) have achieved great
success in various tasks. However, even \emph{state-of-the-art} deep-learning-based
classifiers are extremely vulnerable to adversarial examples, suffering a sharp drop
in classification accuracy when faced with a wide range of unknown attacks. Given that
neural networks are widely deployed in open-world scenarios that can be safety-critical,
mitigating the adversarial vulnerability of deep learning methods has become an urgent
need. Conventional DNNs can generally be attacked with a dramatically high success rate
because their gradients are fully exposed in the white-box scenario, making it
effortless to ruin a well-trained classifier with only imperceptible perturbations in
the raw data space. To tackle this problem, we propose a training-free, plug-and-play
layer, termed the \textbf{G}radient \textbf{C}oncealment \textbf{M}odule (GCM), which
conceals the vulnerable direction of the gradient while guaranteeing classification
accuracy at inference time. GCM reports superior defense results on the ImageNet
classification benchmark, improving top-1 attack robustness (AR) by up to 63.41\% on
adversarial inputs compared to vanilla DNNs. Moreover, we use GCM in the CVPR 2022
Robust Classification Challenge, currently achieving \textbf{2nd} place in Phase II
with only a tiny version of ConvNext. The code will be made available.
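Since the abstract describes GCM only at a high level (a training-free, plug-and-play layer that leaves the forward pass, and hence clean accuracy, untouched while hiding the vulnerable gradient direction from white-box attackers), the following PyTorch sketch shows one generic way such a layer could be built with a custom autograd function. The class names, the noise-mixing rule in the backward pass, and the `noise_scale` parameter are illustrative assumptions, not the paper's actual GCM formulation.

```python
import torch
import torch.nn as nn


class _ConcealGrad(torch.autograd.Function):
    """Identity in the forward pass; perturbs the gradient in the backward
    pass so a white-box attacker following the gradient is misled."""

    @staticmethod
    def forward(ctx, x, noise_scale):
        ctx.noise_scale = noise_scale
        return x.view_as(x)  # predictions, and hence clean accuracy, are untouched

    @staticmethod
    def backward(ctx, grad_output):
        # Mix random noise of comparable magnitude into the true gradient,
        # concealing the vulnerable descent direction (assumed rule, not GCM's).
        noise = torch.randn_like(grad_output)
        noise = noise * grad_output.norm() / (noise.norm() + 1e-12)
        return grad_output + ctx.noise_scale * noise, None


class GradientConcealmentLayer(nn.Module):
    """Training-free, plug-and-play wrapper in the spirit of GCM
    (sketch only; the paper's exact formulation may differ)."""

    def __init__(self, noise_scale: float = 10.0):
        super().__init__()
        self.noise_scale = noise_scale

    def forward(self, x):
        return _ConcealGrad.apply(x, self.noise_scale)


# Usage: prepend to a pretrained classifier without any retraining, e.g.
# defended = nn.Sequential(GradientConcealmentLayer(), pretrained_model)
```

Because the forward computation is an identity, such a layer adds no inference cost and needs no retraining, which is what makes the plug-and-play claim plausible; the abstract does not specify the exact rule GCM uses to reshape the gradient.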
Related papers
- Any Target Can be Offense: Adversarial Example Generation via Generalized Latent Infection [83.72430401516674]
GAKer is able to construct adversarial examples to any target class.
Our method achieves an approximately 14.13% higher attack success rate for unknown classes.
arXiv Detail & Related papers (2024-07-17T03:24:09Z) - Towards Robust Domain Generation Algorithm Classification [1.4542411354617986]
We implement 32 white-box attacks, 19 of which are very effective and induce a false-negative rate (FNR) of approximately 100% on unhardened classifiers.
We propose a novel training scheme that leverages adversarial latent space vectors and discretized adversarial domains to significantly improve robustness.
arXiv Detail & Related papers (2024-04-09T11:56:29Z) - Rethinking PGD Attack: Is Sign Function Necessary? [131.6894310945647]
We present a theoretical analysis of how such sign-based update algorithm influences step-wise attack performance.
We propose a new raw gradient descent (RGD) algorithm that eliminates the use of the sign function (a contrast between the two update rules is sketched after this list).
The effectiveness of the proposed RGD algorithm has been demonstrated extensively in experiments.
arXiv Detail & Related papers (2023-12-03T02:26:58Z) - Activate and Reject: Towards Safe Domain Generalization under Category Shift [71.95548187205736]
We study a practical problem of Domain Generalization under Category Shift (DGCS)
It aims to simultaneously detect unknown-class samples and classify known-class samples in the target domains.
Compared to prior DG works, we face two new challenges: 1) how to learn the concept of "unknown" during training with only source known-class samples, and 2) how to adapt the source-trained model to unseen environments.
arXiv Detail & Related papers (2023-10-07T07:53:12Z) - On the Robustness of Bayesian Neural Networks to Adversarial Attacks [11.277163381331137]
Vulnerability to adversarial attacks is one of the principal hurdles to the adoption of deep learning in safety-critical applications.
We show that vulnerability to gradient-based attacks arises as a result of degeneracy in the data distribution.
We prove that the expected gradient of the loss with respect to the BNN posterior distribution is vanishing, even when each neural network sampled from the posterior is vulnerable to gradient-based attacks.
arXiv Detail & Related papers (2022-07-13T12:27:38Z) - Sparse and Imperceptible Adversarial Attack via a Homotopy Algorithm [93.80082636284922]
Sparse adversarial attacks can fool deep neural networks (DNNs) by perturbing only a few pixels.
Recent efforts combine this sparsity constraint with an additional $\ell_\infty$ bound on the perturbation magnitudes.
We propose a homotopy algorithm that tackles the sparsity constraint and the perturbation bound in one framework.
arXiv Detail & Related papers (2021-06-10T20:11:36Z) - Adversarial Attack on Large Scale Graph [58.741365277995044]
Recent studies have shown that graph neural networks (GNNs) are vulnerable against perturbations due to lack of robustness.
Currently, most works on attacking GNNs are mainly using gradient information to guide the attack and achieve outstanding performance.
We argue that the main reason is that they have to use the whole graph for attacks, resulting in the increasing time and space complexity as the data scale grows.
We present a practical metric named Degree Assortativity Change (DAC) to measure the impacts of adversarial attacks on graph data.
arXiv Detail & Related papers (2020-09-08T02:17:55Z) - Towards More Practical Adversarial Attacks on Graph Neural Networks [14.78539966828287]
We study the black-box attacks on graph neural networks (GNNs) under a novel and realistic constraint.
We show that the structural inductive biases of GNN models can be an effective source for this type of attacks.
arXiv Detail & Related papers (2020-06-09T05:27:39Z) - A Self-supervised Approach for Adversarial Robustness [105.88250594033053]
Adversarial examples can cause catastrophic mistakes in Deep Neural Network (DNN) based vision systems.
This paper proposes a self-supervised adversarial training mechanism in the input space.
It provides significant robustness against unseen adversarial attacks.
arXiv Detail & Related papers (2020-06-08T20:42:39Z)
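As a side note on the "Rethinking PGD Attack" entry above, the difference between a sign-based PGD update and a raw-gradient (RGD-style) update can be sketched as follows; the L-infinity projection, the per-sample unit-L2 rescaling, and the function names are assumptions for illustration and may not match the paper's exact algorithm.

```python
import torch


def pgd_step_sign(x_adv, grad, step_size, x_clean, eps):
    """Classic PGD update: follow only the sign of the gradient, then
    project back into the L-infinity ball around the clean input."""
    x_adv = x_adv + step_size * grad.sign()
    return torch.clamp(x_adv, x_clean - eps, x_clean + eps).clamp(0.0, 1.0)


def raw_gradient_step(x_adv, grad, step_size, x_clean, eps):
    """Raw-gradient variant: keep the gradient's relative magnitudes
    (rescaled per sample to unit L2 norm here) instead of discarding
    them with sign(); illustrative of the RGD idea, not its exact form."""
    flat_norm = grad.flatten(1).norm(dim=1)
    g = grad / (flat_norm.view(-1, *([1] * (grad.dim() - 1))) + 1e-12)
    x_adv = x_adv + step_size * g
    return torch.clamp(x_adv, x_clean - eps, x_clean + eps).clamp(0.0, 1.0)
```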
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of the listed content (including all information) and is not responsible for any consequences.