Greedy Attack and Gumbel Attack: Generating Adversarial Examples for Discrete Data

Cited by: 0
Authors
Yang, Puyudi [1]
Chen, Jianbo [2]
Hsieh, Cho-Jui [3]
Wang, Jane-Ling [1]
Jordan, Michael I. [2, 4]
Affiliations
[1] Univ Calif Davis, Dept Stat, Davis, CA 95616 USA
[2] Univ Calif Berkeley, Dept Stat, Berkeley, CA 94720 USA
[3] Univ Calif Los Angeles, Dept Comp Sci, Los Angeles, CA 90095 USA
[4] Univ Calif Berkeley, Div Comp Sci, Berkeley, CA 94720 USA
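Keywords
Adversarial Attack
DOI
Not available
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract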
We present a probabilistic framework for studying adversarial attacks on discrete data. Based on this framework, we derive a perturbation-based method, Greedy Attack, and a scalable learning-based method, Gumbel Attack, that illustrate various tradeoffs in the design of attacks. We demonstrate the effectiveness of these methods using both quantitative metrics and human evaluation on various state-of-the-art models for text classification, including a word-based CNN, a character-based CNN and an LSTM. As an example of our results, we show that the accuracy of character-based convolutional networks drops to the level of random selection by modifying only five characters through Greedy Attack.
Pages: 36
Related papers
50 in total
  • [21] From adversarial examples to data poisoning instances: utilizing an adversarial attack method to poison a transfer learning model
    Lin, Jing
    Luley, Ryan
    Xiong, Kaiqi
    IEEE INTERNATIONAL CONFERENCE ON COMMUNICATIONS (ICC 2022), 2022, : 2351 - 2356
  • [22] Indicators of Attack Failure: Debugging and Improving Optimization of Adversarial Examples
    Pintor, Maura
    Demetrio, Luca
    Sotgiu, Angelo
    Demontis, Ambra
    Carlini, Nicholas
    ADVANCES IN NEURAL INFORMATION PROCESSING SYSTEMS 35, NEURIPS 2022, 2022,
  • [23] Boosting the transferability of adversarial examples via stochastic serial attack
    Hao, Lingguang
    Hao, Kuangrong
    Wei, Bing
    Tang, Xue-song
    NEURAL NETWORKS, 2022, 150 : 58 - 67
  • [24] Minimally distorted Adversarial Examples with a Fast Adaptive Boundary Attack
    Croce, Francesco
    Hein, Matthias
    25TH AMERICAS CONFERENCE ON INFORMATION SYSTEMS (AMCIS 2019), 2019,
  • [25] REGULARIZED INTERMEDIATE LAYERS ATTACK: ADVERSARIAL EXAMPLES WITH HIGH TRANSFERABILITY
    Li, Xiaorui
    Cui, Weiyu
    Huang, Jiawei
    Wang, Wenyi
    Chen, Jianwen
    2021 IEEE INTERNATIONAL CONFERENCE ON IMAGE PROCESSING (ICIP), 2021, : 1904 - 1908
  • [26] Attack-Aware Detection and Defense to Resist Adversarial Examples
    Jiang, Wei
    He, Zhiyuan
    Zhan, Jinyu
    Pan, Weijia
    IEEE TRANSACTIONS ON COMPUTER-AIDED DESIGN OF INTEGRATED CIRCUITS AND SYSTEMS, 2021, 40 (10) : 2194 - 2198
  • [27] Minimally distorted Adversarial Examples with a Fast Adaptive Boundary Attack
    Croce, Francesco
    Hein, Matthias
    INTERNATIONAL CONFERENCE ON MACHINE LEARNING, VOL 119, 2020, 119
  • [28] Towards Robust Ensemble Defense Against Adversarial Examples Attack
    Mani, Nag
    Moh, Melody
    Moh, Teng-Sheng
    2019 IEEE GLOBAL COMMUNICATIONS CONFERENCE (GLOBECOM), 2019,
  • [29] Adversarial Attack and Defense on Discrete Time Dynamic Graphs
    Zhao, Ziwei
    Yang, Yu
    Yin, Zikai
    Xu, Tong
    Zhu, Xi
    Lin, Fake
    Li, Xueying
    Chen, Enhong
    IEEE TRANSACTIONS ON KNOWLEDGE AND DATA ENGINEERING, 2024, 36 (12) : 7600 - 7611
  • [30] Generating Adversarial Texts by the Universal Tail Word Addition Attack
    Xie, Yushun
    Gu, Zhaoquan
    Tan, Runnan
    Luo, Cui
    Song, Xiangyu
    Wang, Haiyan
    WEB AND BIG DATA, APWEB-WAIM 2024, PT I, 2024, 14961 : 310 - 326