Advanced Adversarial Machine Learning
Chapter 1: Foundations of Adversarial ML Security
Review of Machine Learning Security Vulnerabilities
Threat Models in Machine Learning
Attack Surfaces: Training vs. Inference
Mathematical Formulation of Adversarial Examples
Taxonomy of Adversarial Attacks
Overview of Defense Strategies
Chapter 2: Advanced Evasion Attacks
Gradient-Based Attacks: FGSM, BIM, PGD Analysis
Optimization-Based Attacks: Carlini & Wagner Methods
Score-Based Attack Techniques
Decision-Based Attack Techniques
Transferability of Adversarial Examples
Attacking Ensemble Models
Implementing Evasion Attacks: Hands-on Practical
Chapter 3: Data Poisoning and Backdoor Attacks
Poisoning Attack Strategies: Availability vs Integrity
Targeted Data Poisoning Techniques
Backdoor Attack Mechanisms and Trigger Design
Clean-Label Poisoning Attacks
Analyzing Poisoning Impact on Model Training
Crafting Data Poisoning Attacks: Hands-on Practical
Chapter 4: Model Inference and Privacy Attacks
Membership Inference Attacks: Theory and Methods
Attribute Inference Techniques
Model Inversion and Reconstruction Attacks
Model Stealing: Functionality Extraction Methods
Relationship to Differential Privacy
Implementing Membership Inference: Hands-on Practical
Chapter 5: Robust Defense Mechanisms
Adversarial Training: Principles and Variations
Certified Defenses: Randomized Smoothing
Input Transformation Defenses
Gradient Masking and Obfuscation Issues
Defending Against Poisoning and Backdoors
Implementing Adversarial Training: Hands-on Practical
Chapter 6: Evaluating Model Robustness
Metrics for Adversarial Robustness
Benchmarking Tools and Frameworks
Adaptive Attacks: Evaluating Defenses Properly
Security Evaluations under Different Threat Models
Interpreting Robustness Evaluation Results
Setting up Robustness Benchmarks: Hands-on Practical
Chapter 7: Adversarial Examples in Specific Domains
Adversarial Attacks on Computer Vision Models
Generating Adversarial Text for NLP Models
Attacks on Reinforcement Learning Agents
Physical Adversarial Attacks
Domain-Specific Attack Considerations
Generating Adversarial Text: Practice
Input Transformation Defenses
Was this section helpful?
- Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples, Anish Athalye, Nicholas Carlini, David Wagner, 2018 Proceedings of the 35th International Conference on Machine Learning, Vol. 80 (PMLR) - This paper identifies gradient masking as a critical vulnerability in many proposed adversarial defenses, including input transformations, and introduces techniques like Backward Pass Differentiable Approximation (BPDA) for adaptive attacks.
- Feature Squeezing: Detecting Adversarial Examples in Raw Feature Space, Weilin Xu, Youngeun Kim, Jianliang Qi, Kai-Wei Chang, David Evans, 2018 International Conference on Learning Representations (ICLR) (ICLR) DOI: 10.48550/arXiv.1705.08493 - Introduces feature squeezing, an input transformation defense that uses techniques like color depth reduction and spatial smoothing to detect and potentially mitigate adversarial examples.
- Synthesizing Robust Adversarial Examples, Anish Athalye, Logan Engstrom, Andrew Ilyas, Kevin Kwok, 2018 Proceedings of the 35th International Conference on Machine Learning, Vol. 80 (PMLR) - Presents Expectation Over Transformation (EOT), a method for generating adversarial examples that remain effective across various random transformations, thus bypassing randomized input defenses.
- Defense against Adversarial Attacks Using JPEG Compression, Gintare Karolina Dziugaite, Amna Mustafa, Cynthia Rudin, 2018 NeurIPS Workshop on Challenges in Machine Learning (CIML) - Investigates the effectiveness of JPEG compression as a pre-processing input transformation defense mechanism to remove adversarial perturbations from images.