Greedy Attack and Gumbel Attack: Generating Adversarial Examples for Discrete Data

Cited by: 0
Authors
Yang, Puyudi [1]
Chen, Jianbo [2]
Hsieh, Cho-Jui [3]
Wang, Jane-Ling [1]
Jordan, Michael, I [2, 4]
Affiliations
[1] Univ Calif Davis, Dept Stat, Davis, CA 95616 USA
[2] Univ Calif Berkeley, Dept Stat, Berkeley, CA 94720 USA
[3] Univ Calif Los Angeles, Dept Comp Sci, Los Angeles, CA 90095 USA
[4] Univ Calif Berkeley, Div Comp Sci, Berkeley, CA 94720 USA
Keywords
Adversarial Attack;
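DOI
Not available
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract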
We present a probabilistic framework for studying adversarial attacks on discrete data. Based on this framework, we derive a perturbation-based method, Greedy Attack, and a scalable learning-based method, Gumbel Attack, that illustrate various tradeoffs in the design of attacks. We demonstrate the effectiveness of these methods using both quantitative metrics and human evaluation on various state-of-the-art models for text classification, including a word-based CNN, a character-based CNN and an LSTM. As an example of our results, we show that the accuracy of character-based convolutional networks drops to the level of random selection by modifying only five characters through Greedy Attack.
Pages: 36
Related papers
50 in total
  • [31] LET-Attack: Latent Encodings of Normal-Data Manifold Transferring to Adversarial Examples
    Zhang, Jie
    Zhang, Zhihao
    SCIENCE OF CYBER SECURITY, SCISEC 2019, 2019, 11933 : 136 - 150
  • [32] Discrete Point-wise Attack Is Not Enough: Generalized Manifold Adversarial Attack for Face Recognition
    Li, Qian
    Hu, Yuxiao
    Liu, Ye
    Zhang, Dongxiao
    Jin, Xin
    Chen, Yuntian
    2023 IEEE/CVF CONFERENCE ON COMPUTER VISION AND PATTERN RECOGNITION (CVPR), 2023, : 20575 - 20584
  • [33] Adversarial Attack by Inducing Drift in Streaming Data
    B. Ida Seraphim
    E. Poovammal
    Wireless Personal Communications, 2022, 127 : 997 - 1021
  • [34] Adversarial Attack by Inducing Drift in Streaming Data
    Ida Seraphim, B.
    Poovammal, E.
    WIRELESS PERSONAL COMMUNICATIONS, 2022, 127 (02) : 997 - 1021
  • [35] Adversarial Attack and Defense on Graph Data: A Survey
    Sun, Lichao
    Dou, Yingtong
    Yang, Carl
    Zhang, Kai
    Wang, Ji
    Yu, Philip S.
    He, Lifang
    Li, Bo
    IEEE TRANSACTIONS ON KNOWLEDGE AND DATA ENGINEERING, 2023, 35 (08) : 7693 - 7711
  • [36] Reversible Adversarial Image Examples with Beam Search Attack and Grayscale Invariance
    Zhang, Haodong
    Pun, Chi Man
    Du, Xia
    INTERNATIONAL WORKSHOP ON ADVANCED IMAGING TECHNOLOGY, IWAIT 2024, 2024, 13164
  • [37] Adversarial Attack against Modeling Attack on PUFs
    Wang, Sying-Jyan
    Chen, Yu-Shen
    Li, Katherine Shu-Min
    PROCEEDINGS OF THE 2019 56TH ACM/EDAC/IEEE DESIGN AUTOMATION CONFERENCE (DAC), 2019,
  • [38] Attack Agnostic Detection of Adversarial Examples via Random Subspace Analysis
    Drenkow, Nathan
    Fendley, Neil
    Burlina, Philippe
    2022 IEEE WINTER CONFERENCE ON APPLICATIONS OF COMPUTER VISION (WACV 2022), 2022, : 2815 - 2825
  • [39] GNP ATTACK: TRANSFERABLE ADVERSARIAL EXAMPLES VIA GRADIENT NORM PENALTY
    Wu, Tao
    Luo, Tie
    Wunsch, Donald C.
    2023 IEEE INTERNATIONAL CONFERENCE ON IMAGE PROCESSING, ICIP, 2023, : 3110 - 3114
  • [40] Adversarial Examples Created by Fault Injection Attack on Image Sensor Interface
    Oyama, Tatsuya
    Yoshida, Kota
    Okura, Shunsuke
    Fujino, Takeshi
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, 2024, E107A (03) : 344 - 354