Advanced Adversarial Machine Learning
Chapter 1: Foundations of Adversarial ML Security
Review of Machine Learning Security Vulnerabilities
Threat Models in Machine Learning
Attack Surfaces: Training vs. Inference
Mathematical Formulation of Adversarial Examples
Taxonomy of Adversarial Attacks
Overview of Defense Strategies
Chapter 2: Advanced Evasion Attacks
Gradient-Based Attacks: FGSM, BIM, PGD Analysis
Optimization-Based Attacks: Carlini & Wagner Methods
Score-Based Attack Techniques
Decision-Based Attack Techniques
Transferability of Adversarial Examples
Attacking Ensemble Models
Implementing Evasion Attacks: Hands-on Practical
Chapter 3: Data Poisoning and Backdoor Attacks
Poisoning Attack Strategies: Availability vs Integrity
Targeted Data Poisoning Techniques
Backdoor Attack Mechanisms and Trigger Design
Clean-Label Poisoning Attacks
Analyzing Poisoning Impact on Model Training
Crafting Data Poisoning Attacks: Hands-on Practical
Chapter 4: Model Inference and Privacy Attacks
Membership Inference Attacks: Theory and Methods
Attribute Inference Techniques
Model Inversion and Reconstruction Attacks
Model Stealing: Functionality Extraction Methods
Relationship to Differential Privacy
Implementing Membership Inference: Hands-on Practical
Chapter 5: Robust Defense Mechanisms
Adversarial Training: Principles and Variations
Certified Defenses: Randomized Smoothing
Input Transformation Defenses
Gradient Masking and Obfuscation Issues
Defending Against Poisoning and Backdoors
Implementing Adversarial Training: Hands-on Practical
Chapter 6: Evaluating Model Robustness
Metrics for Adversarial Robustness
Benchmarking Tools and Frameworks
Adaptive Attacks: Evaluating Defenses Properly
Security Evaluations under Different Threat Models
Interpreting Robustness Evaluation Results
Setting up Robustness Benchmarks: Hands-on Practical
Chapter 7: Adversarial Examples in Specific Domains
Adversarial Attacks on Computer Vision Models
Generating Adversarial Text for NLP Models
Attacks on Reinforcement Learning Agents
Physical Adversarial Attacks
Domain-Specific Attack Considerations
Generating Adversarial Text: Practice
Optimization-Based Attacks: Carlini & Wagner Methods
Was this section helpful?
- Towards Evaluating the Robustness of Neural Networks, Nicholas Carlini, David Wagner, 2017 2017 IEEE Symposium on Security and Privacy (SP) (IEEE) DOI: 10.1109/SP.2017.49 - Describes the seminal Carlini & Wagner attacks (L0, L2, L∞) and their optimization framework for finding minimal perturbations.
- Towards Deep Learning Models Resistant to Adversarial Attacks, Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, Adrian Vladu, 2018 International Conference on Learning Representations (ICLR) DOI: 10.48550/arXiv.1706.06083 - While primarily known for PGD and adversarial training, this paper and its associated resources offer essential context for understanding strong gradient-based attacks and robustness, which is crucial for appreciating C&W's role as a benchmark.
- Adversarial Attacks and Defenses in Machine Learning: A Survey, Xinyun Chen, Changxi Zheng, Li Erran Li, Dawn Song, 2020 ACM Computing Surveys, Vol. 53 (Association for Computing Machinery (ACM)) DOI: 10.1145/3371921 - A comprehensive survey that reviews various adversarial attack techniques, including Carlini & Wagner, and discusses their impact and the corresponding defenses.
- Reliable Evaluation of Adversarial Robustness with an Ensemble of Diverse Attacks, Francesco Croce, Matthias Hein, 2020 International Conference on Machine Learning (ICML) DOI: 10.48550/arXiv.2003.01690 - Introduces AutoAttack, a robust benchmark suite that incorporates C&W L2 as a core component for thoroughly evaluating model robustness against strong adversarial examples.