Advanced Adversarial Machine Learning
Chapter 1: Foundations of Adversarial ML Security
Review of Machine Learning Security Vulnerabilities
Threat Models in Machine Learning
Attack Surfaces: Training vs. Inference
Mathematical Formulation of Adversarial Examples
Taxonomy of Adversarial Attacks
Overview of Defense Strategies
Chapter 2: Advanced Evasion Attacks
Gradient-Based Attacks: FGSM, BIM, PGD Analysis
Optimization-Based Attacks: Carlini & Wagner Methods
Score-Based Attack Techniques
Decision-Based Attack Techniques
Transferability of Adversarial Examples
Attacking Ensemble Models
Implementing Evasion Attacks: Hands-on Practical
Chapter 3: Data Poisoning and Backdoor Attacks
Poisoning Attack Strategies: Availability vs Integrity
Targeted Data Poisoning Techniques
Backdoor Attack Mechanisms and Trigger Design
Clean-Label Poisoning Attacks
Analyzing Poisoning Impact on Model Training
Crafting Data Poisoning Attacks: Hands-on Practical
Chapter 4: Model Inference and Privacy Attacks
Membership Inference Attacks: Theory and Methods
Attribute Inference Techniques
Model Inversion and Reconstruction Attacks
Model Stealing: Functionality Extraction Methods
Relationship to Differential Privacy
Implementing Membership Inference: Hands-on Practical
Chapter 5: Robust Defense Mechanisms
Adversarial Training: Principles and Variations
Certified Defenses: Randomized Smoothing
Input Transformation Defenses
Gradient Masking and Obfuscation Issues
Defending Against Poisoning and Backdoors
Implementing Adversarial Training: Hands-on Practical
Chapter 6: Evaluating Model Robustness
Metrics for Adversarial Robustness
Benchmarking Tools and Frameworks
Adaptive Attacks: Evaluating Defenses Properly
Security Evaluations under Different Threat Models
Interpreting Robustness Evaluation Results
Setting up Robustness Benchmarks: Hands-on Practical
Chapter 7: Adversarial Examples in Specific Domains
Adversarial Attacks on Computer Vision Models
Generating Adversarial Text for NLP Models
Attacks on Reinforcement Learning Agents
Physical Adversarial Attacks
Domain-Specific Attack Considerations
Generating Adversarial Text: Practice
Decision-Based Attack Techniques
Was this section helpful?
- Decision-Based Adversarial Attacks: Reliable Attacks on Black-Box Machine Learning Models, Wieland Brendel, Jonas Rauber, Matthias Bethge, 2018 Sixth International Conference on Learning Representations (ICLR 2018) DOI: 10.48550/arXiv.1712.04248 - This is the seminal paper introducing the Boundary Attack, a foundational decision-based method for hard-label black-box adversarial examples.
- HopSkipJumpAttack: A Query-Efficient Decision-Based Attack, Pinyu Chen, Huan Zhang, Yuan Sinha, Ruoxi Jia, Gauthier Gidel, and Cho-Jui Hsieh, 2019 Advances in Neural Information Processing Systems (NeurIPS), Vol. 32 (Curran Associates, Inc.) DOI: 10.48550/arXiv.1904.02144 - Presents the HopSkipJumpAttack, an improved query-efficient decision-based attack that builds upon boundary exploration techniques.
- Sign-OPT: A Query-Efficient Hard-label Adversarial Attack, Minhao Cheng, Simranjit Singh, Shiyu Chang, Jonghyun Choi, Pengtao Xie, Anna Choromanska, and Ahmed Elgammal, 2019 International Conference on Learning Representations (ICLR) DOI: 10.48550/arXiv.1909.04018 - Proposes Sign-OPT, another query-efficient hard-label adversarial attack that guides its search using estimations of the sign of the gradient.
- A Survey on Black-Box Adversarial Attacks and Defenses, Xiaofei Wang, Pengfei Li, Jianxin Li, Jun Liu, Bo Li, and Yu-Gang Jiang, 2021 IEEE Transactions on Pattern Analysis and Machine Intelligence, Vol. 43 (IEEE) DOI: 10.1109/TPAMI.2020.3039148 - Provides a comprehensive overview of black-box adversarial attacks and defenses, offering context for decision-based methods discussed in the section.