Greedy Attack and Gumbel Attack: Generating Adversarial Examples for Discrete Data

Cited by: 0
Authors
Yang, Puyudi [1]
Chen, Jianbo [2]
Hsieh, Cho-Jui [3]
Wang, Jane-Ling [1]
Jordan, Michael I. [2, 4]
Affiliations
[1] Univ Calif Davis, Dept Stat, Davis, CA 95616 USA
[2] Univ Calif Berkeley, Dept Stat, Berkeley, CA 94720 USA
[3] Univ Calif Los Angeles, Dept Comp Sci, Los Angeles, CA 90095 USA
[4] Univ Calif Berkeley, Div Comp Sci, Berkeley, CA 94720 USA
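Keywords
Adversarial Attack
DOI
Not available
Chinese Library Classification number
TP [Automation Technology, Computer Technology]
Discipline classification code
0812
Abstract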
We present a probabilistic framework for studying adversarial attacks on discrete data. Based on this framework, we derive a perturbation-based method, Greedy Attack, and a scalable learning-based method, Gumbel Attack, that illustrate various tradeoffs in the design of attacks. We demonstrate the effectiveness of these methods using both quantitative metrics and human evaluation on various state-of-the-art models for text classification, including a word-based CNN, a character-based CNN and an LSTM. As an example of our results, we show that the accuracy of character-based convolutional networks drops to the level of random selection by modifying only five characters through Greedy Attack.
Pages: 36
Related papers
50 in total
  • [1] Greedy attack and gumbel attack: Generating adversarial examples for discrete data
    Yang, Puyudi
    Chen, Jianbo
    Hsieh, Cho-Jui
    Wang, Jane-Ling
    Jordan, Michael I.
    Journal of Machine Learning Research, 2020, 21
  • [2] Timing Attack on Random Forests for Generating Adversarial Examples
    Dan, Yuichiro
    Shibahara, Toshiki
    Takahashi, Junko
    ADVANCES IN INFORMATION AND COMPUTER SECURITY (IWSEC 2020), 2020, 12231 : 285 - 302
  • [3] Fast Local Attack: Generating Local Adversarial Examples for Object Detectors
    Liao, Quanyu
    Wang, Xin
    Kong, Bin
    Lyu, Siwei
    Yin, Youbing
    Song, Qi
    Wu, Xi
    2020 INTERNATIONAL JOINT CONFERENCE ON NEURAL NETWORKS (IJCNN), 2020,
  • [4] Attackability Characterization of Adversarial Evasion Attack on Discrete Data
    Wang, Yutong
    Han, Yufei
    Bao, Hongyan
    Shen, Yun
    Ma, Fenglong
    Li, Jin
    Zhang, Xiangliang
    KDD '20: PROCEEDINGS OF THE 26TH ACM SIGKDD INTERNATIONAL CONFERENCE ON KNOWLEDGE DISCOVERY & DATA MINING, 2020, : 1415 - 1425
  • [5] Adversarial Examples for Graph Data: Deep Insights into Attack and Defense
    Wu, Huijun
    Wang, Chen
    Tyshetskiy, Yuriy
    Docherty, Andrew
    Lu, Kai
    Zhu, Liming
    PROCEEDINGS OF THE TWENTY-EIGHTH INTERNATIONAL JOINT CONFERENCE ON ARTIFICIAL INTELLIGENCE, 2019, : 4816 - 4823
  • [6] A New Black Box Attack Generating Adversarial Examples Based on Reinforcement Learning
    Xiao, Wenli
    Jiang, Hao
    Xia, Song
    2020 INFORMATION COMMUNICATION TECHNOLOGIES CONFERENCE (ICTC), 2020, : 141 - 146
  • [7] A method for filtering the attack pairs of adversarial examples based on attack distance
    Liu H.
    Fang Y.
    Wen W.
    Beijing Hangkong Hangtian Daxue Xuebao/Journal of Beijing University of Aeronautics and Astronautics, 2022, 48 (02): : 339 - 347
  • [8] Attack as Detection: Using Adversarial Attack Methods to Detect Abnormal Examples
    Zhao, Zhe
    Chen, Guangke
    Liu, Tong
    Li, Taishan
    Song, Fu
    Wang, Jingyi
    Sun, Jun
    ACM TRANSACTIONS ON SOFTWARE ENGINEERING AND METHODOLOGY, 2024, 33 (03)
  • [9] Where and How to Attack? A Causality-Inspired Recipe for Generating Counterfactual Adversarial Examples
    Cai, Ruichu
    Zhu, Yuxuan
    Qiao, Jie
    Liang, Zefeng
    Liu, Furui
    Hao, Zhifeng
    THIRTY-EIGHTH AAAI CONFERENCE ON ARTIFICIAL INTELLIGENCE, VOL 38 NO 10, 2024, : 11132 - 11140
  • [10] Discrete Adversarial Attack to Models of Code
    Gao, Fengjuan
    Wang, Yu
    Wang, Ke
    PROCEEDINGS OF THE ACM ON PROGRAMMING LANGUAGES-PACMPL, 2023, 7 (PLDI): : 172 - 195