PRAT: PRofiling Adversarial aTtacks
- URL: http://arxiv.org/abs/2309.11111v1
- Date: Wed, 20 Sep 2023 07:42:51 GMT
- Title: PRAT: PRofiling Adversarial aTtacks
- Authors: Rahul Ambati, Naveed Akhtar, Ajmal Mian, Yogesh Singh Rawat
- Abstract summary: We introduce a novel problem of PRofiling Adversarial aTtacks (PRAT).
  Given an adversarial example, the objective of PRAT is to identify the attack used to generate it.
  We use AID to devise a novel framework for the PRAT objective.
- Score: 52.693011665938734
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The intrinsic susceptibility of deep learning to adversarial examples has led to
a plethora of attack techniques with a broad common objective of fooling deep
models. However, we find slight compositional differences between the
algorithms achieving this objective. These differences leave traces that
provide important clues for attacker profiling in real-life scenarios. Inspired
by this, we introduce a novel problem of PRofiling Adversarial aTtacks (PRAT).
Given an adversarial example, the objective of PRAT is to identify the attack
used to generate it. Under this perspective, we can systematically group
existing attacks into different families, leading to the sub-problem of attack
family identification, which we also study. To enable PRAT analysis, we
introduce a large Adversarial Identification Dataset (AID), comprising over
180k adversarial samples generated with 13 popular attacks for
image-specific/agnostic white/black-box setups. We use AID to devise a novel
framework for the PRAT objective. Our framework utilizes a Transformer-based
Global-LOcal Feature (GLOF) module to extract an approximate signature of the
adversarial attack, which in turn is used for the identification of the attack.
Using AID and our framework, we provide multiple interesting benchmark results
for the PRAT problem.
Related papers
- AdvQDet: Detecting Query-Based Adversarial Attacks with Adversarial Contrastive Prompt Tuning [93.77763753231338]
  Adversarial Contrastive Prompt Tuning (ACPT) is proposed to fine-tune the CLIP image encoder to extract similar embeddings for any two intermediate adversarial queries.
  We show that ACPT can detect 7 state-of-the-art query-based attacks with >99% detection rate within 5 shots.
  We also show that ACPT is robust to 3 types of adaptive attacks.
  arXiv Detail & Related papers (2024-08-04T09:53:50Z)
- Unraveling Adversarial Examples against Speaker Identification -- Techniques for Attack Detection and Victim Model Classification [24.501269108193412]
  Adversarial examples have proven to threaten speaker identification systems.
  We propose a method to detect the presence of adversarial examples.
  We also introduce a method for identifying the victim model on which the adversarial attack is carried out.
  arXiv Detail & Related papers (2024-02-29T17:06:52Z)
- Ensemble-based Blackbox Attacks on Dense Prediction [16.267479602370543]
  We show that a carefully designed ensemble can create effective attacks for a number of victim models.
  In particular, we show that normalization of the weights for individual models plays a critical role in the success of the attacks.
  Our proposed method can also generate a single perturbation that can fool multiple blackbox detection and segmentation models simultaneously.
  arXiv Detail & Related papers (2023-03-25T00:08:03Z)
- Scalable Attribution of Adversarial Attacks via Multi-Task Learning [11.302242821058865]
  The Adversarial Attribution Problem (AAP) is used to generate adversarial examples.
  We propose a multi-task learning framework named Multi-Task Adversarial Attribution (MTAA) to recognize the three signatures simultaneously.
  arXiv Detail & Related papers (2023-02-25T12:27:44Z)
- Invisible Backdoor Attack with Dynamic Triggers against Person Re-identification [71.80885227961015]
  Person Re-identification (ReID) has rapidly progressed with wide real-world applications, but also poses significant risks of adversarial attacks.
  We propose a novel backdoor attack on ReID under a new all-to-unknown scenario, called Dynamic Triggers Invisible Backdoor Attack (DT-IBA).
  We extensively validate the effectiveness and stealthiness of the proposed attack on benchmark datasets, and evaluate the effectiveness of several defense methods against our attack.
  arXiv Detail & Related papers (2022-11-20T10:08:28Z)
- Versatile Weight Attack via Flipping Limited Bits [68.45224286690932]
  We study a novel attack paradigm, which modifies model parameters in the deployment stage.
  Considering the effectiveness and stealthiness goals, we provide a general formulation to perform the bit-flip based weight attack.
  We present two cases of the general formulation with different malicious purposes, i.e., single sample attack (SSA) and triggered samples attack (TSA).
  arXiv Detail & Related papers (2022-07-25T03:24:58Z)
- Zero-Query Transfer Attacks on Context-Aware Object Detectors [95.18656036716972]
  Adversarial attacks perturb images such that a deep neural network produces incorrect classification results.
  A promising approach to defend against adversarial attacks on natural multi-object scenes is to impose a context-consistency check.
  We present the first approach for generating context-consistent adversarial attacks that can evade the context-consistency check.
  arXiv Detail & Related papers (2022-03-29T04:33:06Z)
- Towards A Conceptually Simple Defensive Approach for Few-shot Classifiers Against Adversarial Support Samples [107.38834819682315]
  We study a conceptually simple approach to defend few-shot classifiers against adversarial attacks.
  We propose a simple attack-agnostic detection method, using the concept of self-similarity and filtering.
  Our evaluation on the miniImagenet (MI) and CUB datasets exhibits good attack detection performance.
  arXiv Detail & Related papers (2021-10-24T05:46:03Z)
This list is automatically generated from the titles and abstracts of the papers on this site.