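Goodfellow et al. proposed a fast method for generating adversarial examples, called the Fast Gradient Sign Method [69]. They perform only a single gradient update step at each pixel, in the direction of the sign of the gradient. Their perturbation can be expressed as: \begin{align} \eta = \epsilon \, \operatorname{sign}(\nabla_x J_{\theta}(x, l)), \tag{5} \end{align} where $\epsilon$ is...
Adversarial examples in the physical world (CVPR 2016): proposes the BIM method, which replaces one large step with several small steps during optimization, and further proposes a non-targeted version, the Iterative Least-likely Class Method (ILCM). Author affiliation: Google. Jacobian-based Saliency Map Attack (JSMA): The Limitations of Deep Learning in Adversarial Settings (EURO S&P):...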
In this paper, we present a novel defense method, termed sequence squeezing, to make RNN classifiers more robust against such attacks. Our method differs from previous defense methods which were designed only for non-sequence based models. We also implement four additional RNN defense methods ...
To this end, this paper proposes a Generative Adversarial Network-based Visible Face Synthesis (GAN-VFS) method to synthesize more photo-realistic visible face images from their corresponding polarimetric images. To ensure that the encoded visible-features contain more semantically meaningful information ...
To shed light on this problem, we develop a novel multi-stage ensemble adversarial example attack method based on our proposed strategies of model scheduling and sample selection. The first strategy schedules source models to be attacked in every stage, based on the criteria of decision boundary ...
A Region-Adaptive Local Perturbation-Based Method for Generating Adversarial Examples in Synthetic Aperture Radar Object Detection. In synthetic aperture radar (SAR) imaging, intelligent object detection methods are facing significant challenges in terms of model robustness and applicat... J Duan, L Qiu, G...
Many defense methods, such as bit-depth reduction, JPEG compression, total variance minimization, and quilting-based defenses, are consequently fragile and unable to withstand...
An unmanned vehicle lane changing decision-making method based on adversarial imitation learning, and a system for implementing the method. The method comp... K Qi, L Fan. Cited by: 0. Published: 2021.
Modeling Car-Following Behaviors and Driving Styles with Generative Adversarial Imitation Learning. Building...
Depending on how much information about the target model is available, adversarial attacks can be divided into white-box attacks (all information about the model is available, such as its parameters, architecture, and gradients) and black-box attacks (only limited information, or none at all, is available). Among these, a transfer-based attack is one in which adversarial examples generated on a surrogate model A can be used directly to fool a target model B...
In this paper, we present a semi-supervised learning method that is based on the standard deep convolutional generative adversarial networks (DCGANs). We double the discriminator that is used in DCGANs and utilize the two discriminators for joint training. In this process, we introduce a noisy ...