26/04/2020

Breaking certified defenses: semantic adversarial examples with spoofed robustness certificates

Amin Ghiasi, Ali Shafahi, Tom Goldstein

Keywords:

Abstract Paper Similar Papers

Abstract: Defenses against adversarial attacks can be classified into certified and non-certified. Certifiable defenses make networks robust within a certain $\ell_p$-bounded radius, so that it is impossible for the adversary to make adversarial examples in the certificate bound. We present an attack that maintains the imperceptibility property of adversarial examples while being outside of the certified radius. Furthermore, the proposed "Shadow Attack" can fool certifiably robust networks by producing an imperceptible adversarial example that gets misclassified and produces a strong ``spoofed'' certificate.

 0
 0
 0
 0
  Share    
This is an embedded video. Talk and the respective paper are published at ICLR 2020 virtual conference. If you are one of the authors of the paper and want to manage your upload, see the question "My papertalk has been externally embedded..." in the FAQ section.

Comments

Post Comment
no comments yet
code of conduct: tbd Characters remaining: 140

Similar Papers

 0
 0
 0
 0
 15:01 
 0
 0
 0
 0
 23:48 
 0
 0
 0
 0
 15:27 
 0
 0
 0
 0
 5:01 
 0
 0
 0
 0
 10:24 
 0
 0
 0
 0
 11:51 
 0
 0
 0
 0
 9:28 
 0
 0
 0
 0
 18:19 
 0
 0
 0
 0
 1:01 
 0
 0
 0
 0
 15:05 
 0
 0
 0
 0
 21:04 
 0
 0
 0
 0
 11:33 
 0
 0
 0
 0
 5:00 
 0
 0
 0
 0
 12:44 
 0
 0
 0
 0
 12:07 
 0
 0
 0
 0
 10:04 
 0
 0
 0
 0
 10:28 
 0
 0
 0
 0
 11:05 
 0
 1
 0
 0
 5:01 
 0
 0
 0
 0
 15:22 
 0
 0
 0
 0
 12:11 
 0
 0
 0
 0
 4:56 
 0
 0
 0
 0
 12:00 
 0
 0
 0
 0
 9:14 
 0
 0
 0
 0
 14:43 
 0
 0
 0
 0
 11:53 
 0
 0
 0
 0
 11:35 
 0
 0
 0
 0
 3:16 
 0
 0
 0
 0
 6:09 
 0
 0
 0
 0
 11:56 
 0
 0
 0
 0
 15:02 
 0
 0
 0
 0
 16:06 
 0
 0
 0
 0
 1:01 
 0
 0
 0
 0
 12:21 
 0
 0
 0
 0
 15:00 
 0
 0
 0
 0
 4:48 
 0
 0
 0
 0
 10:28 
 0
 0
 0
 0
 11:31 
 0
 0
 0
 0
 22:16 
 0
 0
 0
 0
 14:13