Reference : Efficient and Transferable Adversarial Examples from Bayesian Neural Networks
E-prints/Working papers : Already available on another site
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/49232
Efficient and Transferable Adversarial Examples from Bayesian Neural Networks
English
Gubri, Martin [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SerVal]
Cordy, Maxime [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SerVal]
Papadakis, Mike [University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS)]
Le Traon, Yves [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SerVal]
2021
No
[en] Machine Learning ; Adversarial examples ; Bayesian ; Neural Networks ; Deep Learning ; Transferability
[en] An established way to improve the transferability of black-box evasion attacks is to craft the adversarial examples on a surrogate ensemble model to increase diversity. We argue that transferability is fundamentally related to epistemic uncertainty. Based on a state-of-the-art Bayesian Deep Learning technique, we propose a new method to efficiently build a surrogate by sampling approximately from the posterior distribution of neural network weights, which represents the belief about the value of each parameter. Our extensive experiments on ImageNet and CIFAR-10 show that our approach improves the transfer rates of four state-of-the-art attacks significantly (up to 62.1 percentage points), in both intra-architecture and inter-architecture cases. On ImageNet, our approach can reach 94% of transfer rate while reducing training computations from 11.6 to 2.4 exaflops, compared to an ensemble of independently trained DNNs. Our vanilla surrogate achieves 87.5% of the time higher transferability than 3 test-time techniques designed for this purpose. Our work demonstrates that the way to train a surrogate has been overlooked although it is an important element of transfer-based attacks. We are, therefore, the first to review the effectiveness of several training methods in increasing transferability. We provide new directions to better understand the transferability phenomenon and offer a simple but strong baseline for future work.
https://arxiv.org/abs/2011.05074
FnR ; FNR12669767 > Yves Le Traon > STELLAR > Testing Self-learning Systems > 01/09/2019 > 31/08/2022 > 2018

File(s) associated to this reference

Fulltext file(s):

File : 2011.05074.pdf
Version : Author preprint
Size : 829.53 kB
Access : Open access

All documents in ORBilu are protected by a user license.