{
  "id": "2011.05074",
  "version": "v1",
  "published": "2020-11-10T12:46:52.000Z",
  "updated": "2020-11-10T12:46:52.000Z",
  "title": "Efficient and Transferable Adversarial Examples from Bayesian Neural Networks",
  "authors": [
    "Martin Gubri",
    "Maxime Cordy",
    "Mike Papadakis",
    "Yves Le Traon"
  ],
  "categories": [
    "cs.LG",
    "stat.ML"
  ],
  "abstract": "Deep neural networks are vulnerable to evasion attacks, i.e., carefully crafted examples designed to fool a model at test time. Attacks that successfully evade an ensemble of models can transfer to other independently trained models, which proves useful in black-box settings. Unfortunately, these methods involve heavy computation costs to train the models forming the ensemble. To overcome this, we propose a new method to generate transferable adversarial examples efficiently. Inspired by Bayesian deep learning, our method builds such ensembles by sampling from the posterior distribution of neural network weights during a single training process. Experiments on CIFAR-10 show that our approach improves the transfer rates significantly at equal or even lower computation costs. Intra-architecture transfer rate is increased by 23% compared to classical ensemble-based attacks, while requiring 4 times less training epochs. In the inter-architecture case, we show that we can combine our method with ensemble-based attacks to increase their transfer rate by up to 15% with constant training computational cost.",
  "revisions": [
    {
      "version": "v1",
      "updated": "2020-11-10T12:46:52.000Z"
    }
  ],
  "analyses": {
    "keywords": [
      "bayesian neural networks",
      "transfer rate",
      "computation costs",
      "deep neural networks",
      "neural network weights"
    ],
    "note": {
      "typesetting": "TeX",
      "pages": 0,
      "language": "en",
      "license": "arXiv",
      "status": "editable"
    }
  }
}