Search Results for author:
Found 9 papers, 5 papers with code
Adversarial Robustness Through Artifact Design
We evaluated our approach in the domain of traffic-sign recognition, allowing it to alter traffic-sign pictograms (i. e., symbols within the signs) and their colors.
The Ultimate Combo: Boosting Adversarial Example Transferability by Composing Data Augmentations
We also found that the best composition significantly outperformed the state of the art (e. g., 93. 7% vs. $\le$ 82. 7% average transferability on ImageNet from normally trained surrogates to adversarially trained targets).
Group-based Robustness: A General Framework for Customized Robustness in the Real World
In this work, we identify real-world scenarios where the true threat cannot be assessed accurately by existing attacks.
Scalable Verification of GNN-based Job Schedulers
Recently, Graph Neural Networks (GNNs) have been applied for scheduling jobs over clusters, achieving better performance than hand-crafted heuristics.
Constrained Gradient Descent: A Powerful and Principled Evasion Attack Against Neural Networks
First, we demonstrate a loss function that explicitly encodes (1) and show that Auto-PGD finds more attacks with it.
Malware Makeover: Breaking ML-based Static Analysis by Modifying Executable Bytes
Moreover, we found that our attack can fool some commercial anti-viruses, in certain cases with a success rate of 85%.
$n$-ML: Mitigating Adversarial Examples via Ensembles of Topologically Manipulated Classifiers
This paper proposes a new defense called $n$-ML against adversarial examples, i. e., inputs crafted by perturbing benign inputs by small amounts to induce misclassifications by classifiers.
On the Suitability of $L_p$-norms for Creating and Preventing Adversarial Examples
Combined with prior work, we thus demonstrate that nearness of inputs as measured by $L_p$-norms is neither necessary nor sufficient for perceptual similarity, which has implications for both creating and defending against adversarial examples.
A General Framework for Adversarial Examples with Objectives
Images perturbed subtly to be misclassified by neural networks, called adversarial examples, have emerged as a technically deep challenge and an important concern for several application domains.
