SlideShare a Scribd company logo

Universal Adversarial Perturbation

H
Hyunwoo Kim

This document summarizes a seminar on universal adversarial perturbations. It begins with a quick introduction to adversarial attack methods like DeepFool. It then discusses the concept of universal adversarial perturbations - single perturbations that can fool neural networks into misclassifying most images. The document explains how universal perturbations are crafted to satisfy a fooling rate while being small. It shows that a single perturbation can achieve high fooling rates across different networks and models. It also discusses how universal perturbations capture the local geometry and correlations in the decision boundaries of neural networks.

Technology
Related topics:
Deep LearningNeural Networks
1 of 54
Downloaded 44 times
1
2
Most read
3
4
5
6
7
8
9
10
Most read
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
U N I V E R S A L A D V E R S A R I A L 2 0 1 8 S N U V L S E M I N A R H Y U N W O O K I M P E R T U R B A T I O N
C O N T E N T S 1. Quick Intro to Adversarial Attacks - Deep fool: A simple and accurate method to fool deep neural networks - Explaining & Harnessing Adversarial Examples 2. Universal Adversarial Perturbation
Attacks ?
Through the human eye Anderson & Winawer, 2005
iPodBoat Perturbation Through the machine’s eye Adversarial Example or Attack
Intriguing Properties of Neural Networks C. Szegedy et al. ICLR, 2014.
Intriguing Properties of Neural Networks C. Szegedy et al. ICLR, 2014.
Explaining and Harnessing Adversarial Examples I.J. Goodfellow et al. ICLR, 2015.
Explaining and Harnessing Adversarial Examples I.J. Goodfellow et al. ICLR, 2015. Fast Gradient Sign Method [FGSM]
!" = " + % & Fast Gradient Sign Method [FGSM] Explaining and Harnessing Adversarial Examples I.J. Goodfellow et al. ICLR, 2015. Perturbation Gradient of the cost function
Fast Gradient Sign Method [FGSM] Explaining and Harnessing Adversarial Examples I.J. Goodfellow et al. ICLR, 2015. RAW Images ATTACKED Images With Maxout Network Misclassification Rate - MNIST : 89.4%
Fast Gradient Sign Method [FGSM] Explaining and Harnessing Adversarial Examples I.J. Goodfellow et al. ICLR, 2015. RAW Images ATTACKED Images With Conv Maxout Network Misclassification Rate - CIFAR-10 : 87.2%
Fast Gradient Sign Method [FGSM] Explaining and Harnessing Adversarial Examples I.J. Goodfellow et al. ICLR, 2015. : Intensity of the Attack
Various methods of attacks
Ian Goodfellow
https://github.com/tensorflow/cleverhans Python library for Adversarial attacks
“They say that the best weapon is the one you never have to fire. I respectfully disagree. I prefer the weapon you only have to fire ONCE.” -Tony Stark-
Universal Adversarial Perturbations S.M. Moosavi-Dezfooli et al. CVPR, 2017.
Universal Adversarial Perturbation
How to make one • ! ∶ #$%&'$()&$*+ *, $-./0% $+ ℝ2 • 34 ∶ . 56.%%$,$5.&$*+ ,)+5&$*+ &ℎ.& *)&8)&% .+ 9:;<=>;9? @>A9@ 34 B ,*' 0.5ℎ $-./0 C ∈ ℝ2 E0 %00F . G05&*' H %)5ℎ &ℎ.&
How to make one: constraints for the !" #""$ % &"'()* + #,'ℎ (ℎ%( + 2. Has to be small enough 1. Satisfies the fooling rate
∆"# ∆"$ % How to make one: the algorithm
2. Has to be small enough 1. Satisfies the fooling rate Projection on the ℓ" ball of radius #
From another paper by the author
Universal Adversarial Perturbation
Take use of the tangent plane Deep fool: S.M. Moosavi-Dezfooli et al. CVPR, 2016.
Take use of the tangent plane Deep fool: S.M. Moosavi-Dezfooli et al. CVPR, 2016.
Take use of the tangent plane Perturbation Deep fool: S.M. Moosavi-Dezfooli et al. CVPR, 2016.
Deep fool: Take use of the tangent plane
2. Has to be small enough 1. Satisfies the fooling rate
The one perturbation that messes up with all the classes
The Universal Perturbations for each Network 93% 94% 79% 78% 78% 84%
Doubly-Universal on ImageNet Dataset Cross-model Universality
Cross-model Universality Intriguing Properties of Neural Networks C. Szegedy et al. ICLR, 2014.
Doubly-Universal on ImageNet Dataset Cross-model Universality
Need many images for crafting ?
500 is all you need!
How about fine tuning ?
Fine tuning on the set of perturbations 94%76% 80%80%…
The real fun part
1. The existence of dominant labels
Been overlooked Intriguing Properties of Neural Networks C. Szegedy et al. ICLR, 2014.
The whole picture African Grey Macaw
Some examples
2. Comparison with other perturbations
3. Captures the local geometry Geometric properties of Adversarial Perturbations 1. ∥ "($) ∥& measures the Euclidean distance from x to the closest point on the decision boundary 2. The vector "($) is orthogonal to the decision boundary of the classifier
….... n universal perturbations (normal vectors) n random vectors "# "$ ….... "% 3. Captures the local geometry N =
Difference in Singular Value decay Perform SVD of the matrix N The existence of large correlations and redundancies in the decision boundary A subspace of low dimension d’ that contains most normal vectors to the decision boundary of deep networks
Sample random vectors from this subspace S Spanned by the first 100 singular vectors 10% 38% vs
There exists a low-dimensional subspace that captures the correlations among different regions of the decision boundary
Generalization of Universal perturbations
The Universal Adversarial Perturbation A silver bullet1 single vector Image-agnostic Network-agnostic
I L L U S I O N S Adversarial Attacks
Thank you Hyunwoo Kim

More Related Content

PPTX
Face recognition using neural network
Indira Nayak
 
PPTX
Object recognition of CIFAR - 10
Ratul Alahy
 
PPTX
20211019 When does label smoothing help_shared ver
Hsing-chuan Hsieh
 
PPTX
Hough Transform By Md.Nazmul Islam
Nazmul Islam
 
PDF
"Getting More from Your Datasets: Data Augmentation, Annotation and Generativ...
Edge AI and Vision Alliance
 
PDF
Lecture 4 Decision Trees (2): Entropy, Information Gain, Gain Ratio
Marina Santini
 
PDF
Linear regression
MartinHogg9
 
PPTX
Prolog (present)
Melody Joey
 
Face recognition using neural network
Indira Nayak
 
Object recognition of CIFAR - 10
Ratul Alahy
 
20211019 When does label smoothing help_shared ver
Hsing-chuan Hsieh
 
Hough Transform By Md.Nazmul Islam
Nazmul Islam
 
"Getting More from Your Datasets: Data Augmentation, Annotation and Generativ...
Edge AI and Vision Alliance
 
Lecture 4 Decision Trees (2): Entropy, Information Gain, Gain Ratio
Marina Santini
 
Linear regression
MartinHogg9
 
Prolog (present)
Melody Joey
 

What's hot (20)

PPTX
Supervised and Unsupervised Learning In Machine Learning | Machine Learning T...
Simplilearn
 
PPTX
U-Netpresentation.pptx
NoorUlHaq47
 
PDF
Machine Learning
Shrey Malik
 
PDF
Mobilenetv1 v2 slide
威智 黃
 
PDF
Design principle of pattern recognition system and STATISTICAL PATTERN RECOGN...
TEJVEER SINGH
 
PPTX
Machine Learning and its Applications
Bhuvan Chopra
 
PDF
A beginner's guide to Style Transfer and recent trends
JaeJun Yoo
 
PPTX
Data Mining: clustering and analysis
DataminingTools Inc
 
PPTX
Object detection presentation
AshwinBicholiya
 
PPTX
Detection and recognition of face using neural network
Smriti Tikoo
 
PPTX
Convolutional Neural Network and Its Applications
Kasun Chinthaka Piyarathna
 
PPTX
Machine Learning
Girish Khanzode
 
PPTX
Computer Vision - Artificial Intelligence
ACM-KU
 
PPTX
Machine Learning Contents.pptx
Naveenkushwaha18
 
PPTX
Digit recognition
btandale
 
PPTX
Emotion Based Music Player.pptx
YogeshChaubey2
 
PPTX
Random forest algorithm
Rashid Ansari
 
PPT
Liang barsky Line Clipping Algorithm
Arvind Kumar
 
PDF
Machine Learning and Data Mining: 04 Association Rule Mining
Pier Luca Lanzi
 
PDF
“An Introduction to Data Augmentation Techniques in ML Frameworks,” a Present...
Edge AI and Vision Alliance
 
Supervised and Unsupervised Learning In Machine Learning | Machine Learning T...
Simplilearn
 
U-Netpresentation.pptx
NoorUlHaq47
 
Machine Learning
Shrey Malik
 
Mobilenetv1 v2 slide
威智 黃
 
Design principle of pattern recognition system and STATISTICAL PATTERN RECOGN...
TEJVEER SINGH
 
Machine Learning and its Applications
Bhuvan Chopra
 
A beginner's guide to Style Transfer and recent trends
JaeJun Yoo
 
Data Mining: clustering and analysis
DataminingTools Inc
 
Object detection presentation
AshwinBicholiya
 
Detection and recognition of face using neural network
Smriti Tikoo
 
Convolutional Neural Network and Its Applications
Kasun Chinthaka Piyarathna
 
Machine Learning
Girish Khanzode
 
Computer Vision - Artificial Intelligence
ACM-KU
 
Machine Learning Contents.pptx
Naveenkushwaha18
 
Digit recognition
btandale
 
Emotion Based Music Player.pptx
YogeshChaubey2
 
Random forest algorithm
Rashid Ansari
 
Liang barsky Line Clipping Algorithm
Arvind Kumar
 
Machine Learning and Data Mining: 04 Association Rule Mining
Pier Luca Lanzi
 
“An Introduction to Data Augmentation Techniques in ML Frameworks,” a Present...
Edge AI and Vision Alliance
 
Ad

Similar to Universal Adversarial Perturbation (20)

PPTX
adversarial robustness lecture
MuhammadAhmedShah2
 
PDF
Paper Explained: One Pixel Attack for Fooling Deep Neural Networks
Devansh16
 
PDF
Adversarial examples in deep learning (Gregory Chatel)
MeetupDataScienceRoma
 
PDF
Generational Adversarial Neural Networks - Essential Reference
Gokul Alex
 
PDF
Research of adversarial example on a deep neural network
NAVER Engineering
 
PDF
[SOTIF US Conference] Introduction to Safe ML
Chih-Hong Cheng
 
PDF
Immunizing Image Classifiers Against Localized Adversary Attacks
gerogepatton
 
PDF
Immunizing Image Classifiers Against Localized Adversary Attacks
gerogepatton
 
PDF
Robustness of Deep Neural Networks on White-box Attacks and Defense Strategie...
AkhileshPandey104
 
PDF
Detecting adversarials examples attacks to deep neural networks
Fabio Carrara
 
PDF
Robustness in deep learning
Ganesan Narayanasamy
 
PDF
DEF CON 24 - Clarence Chio - machine duping 101
Felipe Prado
 
PDF
Survey of Adversarial Attacks in Deep Learning Models
IRJET Journal
 
PDF
BOOSTING ADVERSARIAL ATTACKS WITH MOMENTUM - Tianyu Pang and Chao Du, THU - D...
GeekPwn Keen
 
PDF
DESSERTATION 4 SEM cybersecurity ensemble approach
SoniyaRathod5
 
PPTX
Black-Box attacks against Neural Networks - technical project presentation
Roberto Falconi
 
PDF
Adversarial ML - Part 2.pdf
KSChidanandKumarJSSS
 
PDF
Capstone Design(2) 중간 발표
Hyunwoo Kim
 
PPTX
Deceiving Autonomous Cars with Toxic Signs
LeonardoSalvucci1
 
PDF
Deep Learning Basics (lecture notes).pdf
Gayatri Wahane
 
adversarial robustness lecture
MuhammadAhmedShah2
 
Paper Explained: One Pixel Attack for Fooling Deep Neural Networks
Devansh16
 
Adversarial examples in deep learning (Gregory Chatel)
MeetupDataScienceRoma
 
Generational Adversarial Neural Networks - Essential Reference
Gokul Alex
 
Research of adversarial example on a deep neural network
NAVER Engineering
 
[SOTIF US Conference] Introduction to Safe ML
Chih-Hong Cheng
 
Immunizing Image Classifiers Against Localized Adversary Attacks
gerogepatton
 
Immunizing Image Classifiers Against Localized Adversary Attacks
gerogepatton
 
Robustness of Deep Neural Networks on White-box Attacks and Defense Strategie...
AkhileshPandey104
 
Detecting adversarials examples attacks to deep neural networks
Fabio Carrara
 
Robustness in deep learning
Ganesan Narayanasamy
 
DEF CON 24 - Clarence Chio - machine duping 101
Felipe Prado
 
Survey of Adversarial Attacks in Deep Learning Models
IRJET Journal
 
BOOSTING ADVERSARIAL ATTACKS WITH MOMENTUM - Tianyu Pang and Chao Du, THU - D...
GeekPwn Keen
 
DESSERTATION 4 SEM cybersecurity ensemble approach
SoniyaRathod5
 
Black-Box attacks against Neural Networks - technical project presentation
Roberto Falconi
 
Adversarial ML - Part 2.pdf
KSChidanandKumarJSSS
 
Capstone Design(2) 중간 발표
Hyunwoo Kim
 
Deceiving Autonomous Cars with Toxic Signs
LeonardoSalvucci1
 
Deep Learning Basics (lecture notes).pdf
Gayatri Wahane
 
Ad

More from Hyunwoo Kim (15)

PDF
서울대학교 IAB 강의 Pytorch(파이토치) CNN 실습 수업
Hyunwoo Kim
 
PDF
Curiosity-Bottleneck: Exploration by Distilling Task-Specific Novelty
Hyunwoo Kim
 
PDF
Abstractive Summarization of Reddit Posts with Multi-level Memory Networks
Hyunwoo Kim
 
PDF
Genetic Algorithm Project 2
Hyunwoo Kim
 
PDF
Sentiment Analysis Intro
Hyunwoo Kim
 
PDF
Two VWM representations simultaneously control attention
Hyunwoo Kim
 
PDF
Capstone Design(2) 최종 발표
Hyunwoo Kim
 
PDF
Neural Networks Basics with PyTorch
Hyunwoo Kim
 
PDF
Capstone Design(2) 연구제안 발표
Hyunwoo Kim
 
PDF
Capstone Design(1) 최종 발표
Hyunwoo Kim
 
PDF
Capstone Design(1) 중간 발표
Hyunwoo Kim
 
PDF
Capstone Design(1) 연구제안 발표
Hyunwoo Kim
 
PDF
Neural Network Intro [인공신경망 설명]
Hyunwoo Kim
 
PDF
Random Forest Intro [랜덤포레스트 설명]
Hyunwoo Kim
 
PDF
Decision Tree Intro [의사결정나무]
Hyunwoo Kim
 
서울대학교 IAB 강의 Pytorch(파이토치) CNN 실습 수업
Hyunwoo Kim
 
Curiosity-Bottleneck: Exploration by Distilling Task-Specific Novelty
Hyunwoo Kim
 
Abstractive Summarization of Reddit Posts with Multi-level Memory Networks
Hyunwoo Kim
 
Genetic Algorithm Project 2
Hyunwoo Kim
 
Sentiment Analysis Intro
Hyunwoo Kim
 
Two VWM representations simultaneously control attention
Hyunwoo Kim
 
Capstone Design(2) 최종 발표
Hyunwoo Kim
 
Neural Networks Basics with PyTorch
Hyunwoo Kim
 
Capstone Design(2) 연구제안 발표
Hyunwoo Kim
 
Capstone Design(1) 최종 발표
Hyunwoo Kim
 
Capstone Design(1) 중간 발표
Hyunwoo Kim
 
Capstone Design(1) 연구제안 발표
Hyunwoo Kim
 
Neural Network Intro [인공신경망 설명]
Hyunwoo Kim
 
Random Forest Intro [랜덤포레스트 설명]
Hyunwoo Kim
 
Decision Tree Intro [의사결정나무]
Hyunwoo Kim
 

Recently uploaded (20)

PDF
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PPTX
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
PDF
Heart disease approach using modified random forest and particle swarm optimi...
IAESIJAI
 
PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PPTX
TLE Review Electricity (Electricity).pptx
JayPolicarpio2
 
PPTX
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
PPTX
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
PPTX
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
PPTX
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
Heart disease approach using modified random forest and particle swarm optimi...
IAESIJAI
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
A Presentation on Artificial Intelligence
memembruh336
 
TLE Review Electricity (Electricity).pptx
JayPolicarpio2
 
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 

Universal Adversarial Perturbation