Advanced Adversarial Machine Learning
Chapter 1: Foundations of Adversarial ML Security
Review of Machine Learning Security Vulnerabilities
Threat Models in Machine Learning
Attack Surfaces: Training vs. Inference
Mathematical Formulation of Adversarial Examples
Taxonomy of Adversarial Attacks
Overview of Defense Strategies
Chapter 2: Advanced Evasion Attacks
Gradient-Based Attacks: FGSM, BIM, PGD Analysis
Optimization-Based Attacks: Carlini & Wagner Methods
Score-Based Attack Techniques
Decision-Based Attack Techniques
Transferability of Adversarial Examples
Attacking Ensemble Models
Implementing Evasion Attacks: Hands-on Practical
Chapter 3: Data Poisoning and Backdoor Attacks
Poisoning Attack Strategies: Availability vs Integrity
Targeted Data Poisoning Techniques
Backdoor Attack Mechanisms and Trigger Design
Clean-Label Poisoning Attacks
Analyzing Poisoning Impact on Model Training
Crafting Data Poisoning Attacks: Hands-on Practical
Chapter 4: Model Inference and Privacy Attacks
Membership Inference Attacks: Theory and Methods
Attribute Inference Techniques
Model Inversion and Reconstruction Attacks
Model Stealing: Functionality Extraction Methods
Relationship to Differential Privacy
Implementing Membership Inference: Hands-on Practical
Chapter 5: Robust Defense Mechanisms
Adversarial Training: Principles and Variations
Certified Defenses: Randomized Smoothing
Input Transformation Defenses
Gradient Masking and Obfuscation Issues
Defending Against Poisoning and Backdoors
Implementing Adversarial Training: Hands-on Practical
Chapter 6: Evaluating Model Robustness
Metrics for Adversarial Robustness
Benchmarking Tools and Frameworks
Adaptive Attacks: Evaluating Defenses Properly
Security Evaluations under Different Threat Models
Interpreting Robustness Evaluation Results
Setting up Robustness Benchmarks: Hands-on Practical
Chapter 7: Adversarial Examples in Specific Domains
Adversarial Attacks on Computer Vision Models
Generating Adversarial Text for NLP Models
Attacks on Reinforcement Learning Agents
Physical Adversarial Attacks
Domain-Specific Attack Considerations
Generating Adversarial Text: Practice
Transferability of Adversarial Examples
Was this section helpful?
- Explaining and Harnessing Adversarial Examples, Ian J. Goodfellow, Jonathon Shlens, Christian Szegedy, 2014 arXiv preprint arXiv:1412.6572 DOI: 10.48550/arXiv.1412.6572 - Introduces the Fast Gradient Sign Method (FGSM) and the linearity hypothesis, providing an early explanation for adversarial examples and their transferability.
- Practical Black-Box Attacks against Machine Learning Systems using Adversarial Examples, Nicolas Papernot, Patrick McDaniel, Arushi Sinha, Z. Berkay Celik, Somesh Jha, 2017 Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security (AsiaCCS '17) (ACM) DOI: 10.1145/3052973.3053009 - Details the methodology for black-box attacks that rely on the transferability of adversarial examples through substitute models, a core method described in the section.
- Ensemble Adversarial Training: Attacks and Defenses, Florian Tramèr, Alexey Kurakin, Nicolas Papernot, Ian Goodfellow, Dan Boneh, Patrick McDaniel, 2018 International Conference on Learning Representations (ICLR) DOI: 10.48550/arXiv.1705.07204 - Explores the transferability of adversarial examples, particularly in the context of improving adversarial training and evaluating defense mechanisms.
- Adversarial Examples Are Not Bugs, They Are Features, Andrew Ilyas, Shibani Santurkar, Dimitris Tsipras, Logan Engstrom, Brandon Tran, Aleksander Madry, 2019 Advances in Neural Information Processing Systems 32 (NeurIPS 2019) DOI: 10.48550/arXiv.1905.02175 - Provides a perspective on the existence and transferability of adversarial examples by linking them to non-robust yet predictive features learned by models.