Compound adversarial examples in deep neural networks

Information Sciences - Volume 613 - Pages 50-68 - 2022
Yanchun Li1,2, Zhetao Li1,2, Li Zeng1,2, Saiqin Long3, Feiran Huang4, Kui Ren5
1Key Laboratory of Hunan Province for Internet of Things and Information Security, Xiangtan University, Xiangtan, Hunan 411105, China
2School of Computer Science of Xiangtan University, Xiangtan, Hunan 411105, China
3College of Information Science and Technology, Jinan University, Guangzhou, Guangdong 510632, China
4National & Local Joint Engineering Research Center of Network Security Detection and Protection Technology, Jinan University, Guangzhou 510632, China
5Zhejiang University, Zhejiang 310027, China
