arXiv:1901.08121 [cs.LG]

Sitatapatra: Blocking the Transfer of Adversarial Samples

Ilia Shumailov, Xitong Gao, Yiren Zhao, Robert Mullins, Ross Anderson, Cheng-Zhong Xu

Published 2019-01-23, Version 1

Convolutional Neural Networks (CNNs) are widely used to solve classification tasks in computer vision. However, they can be tricked into misclassifying specially crafted 'adversarial' samples, and samples built to trick one model often work alarmingly well against other models trained on the same task. In this paper we introduce Sitatapatra, a system designed to block the transfer of adversarial samples. It diversifies neural networks using a key, as in cryptography, and provides a mechanism for detecting attacks. What's more, when adversarial samples are detected they can typically be traced back to the individual device that was used to develop them. The run-time overheads are minimal, permitting the use of Sitatapatra on constrained systems.

Related articles:

- arXiv:1805.12017 [cs.LG] (Published 2018-05-30): Counterstrike: Defending Deep Learning Architectures Against Adversarial Samples by Langevin Dynamics with Supervised Denoising Autoencoder
- arXiv:1806.03316 [cs.LG] (Published 2018-06-08): Adversarial Meta-Learning
- arXiv:2101.11201 [cs.LG] (Published 2021-01-27): Similarity of Classification Tasks