Adversarial Attack

598 papers with code • 2 benchmarks • 9 datasets

An Adversarial Attack is a technique for finding an input perturbation that changes the prediction of a machine learning model. The perturbation can be very small and imperceptible to the human eye.

Source: Recurrent Attention Model with Log-Polar Mapping is Robust against Adversarial Attacks

Most implemented papers

Learn To Pay Attention

SaoYan/LearnToPayAttention ICLR 2018

We propose an end-to-end-trainable attention module for convolutional neural network (CNN) architectures built for image classification.

Distributionally Adversarial Attack

MadryLab/mnist_challenge 16 Aug 2018

Recent work on adversarial attack has shown that Projected Gradient Descent (PGD) Adversary is a universal first-order adversary, and the classifier adversarially trained by PGD is robust against a wide range of first-order attacks.

On Evaluating Adversarial Robustness

evaluating-adversarial-robustness/adv-eval-paper 18 Feb 2019

Correctly evaluating defenses against adversarial examples has proven to be extremely difficult.
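The two abstracts above fit together: the PGD adversary is the standard first-order attack, and an evaluation built on it is only meaningful if it passes basic sanity checks. The following is an added example, not code from either paper or its repository. It implements an L-infinity PGD attack against a constructed logistic regression classifier (the weights, the six data points and the step-size rule alpha = 2.5 * eps / steps are assumptions made here), then runs the kind of check the evaluation paper calls for: robust accuracy must not go up as the budget grows, and an unbounded budget must drive it to zero. The random start that the PGD paper uses is left out so the run is deterministic.

```python
"""PGD (projected gradient descent) L-infinity attack on a tiny logistic
regression classifier, in pure Python.  Added example: the model, weights
and data points below are constructed for illustration and are not from
any of the papers listed on the page."""
import math

# Constructed (hypothetical) logistic regression: logit = w . x + b
W = [2.0, 1.5, -1.0, -1.2]
B = -0.5


def logit(x):
    return sum(wi * xi for wi, xi in zip(W, x)) + B


def predict(x):
    """Hard label: 1 if sigmoid(logit) >= 0.5, i.e. logit >= 0."""
    return 1 if logit(x) >= 0 else 0


def input_gradient(x, y):
    """d/dx of the binary cross-entropy loss for true label y.
    With p = sigmoid(z) and z = w.x + b, dL/dz = p - y, so dL/dx = (p - y) * w."""
    p = 1.0 / (1.0 + math.exp(-logit(x)))
    return [(p - y) * wi for wi in W]


def sign(v):
    return (v > 0) - (v < 0)


def pgd_linf(x0, y, eps, steps=10, lo=0.0, hi=1.0):
    """Untargeted L-inf PGD: ascend the loss of the true label y with
    sign-gradient steps, projecting back onto the eps-ball around x0
    intersected with the valid input box [lo, hi] after every step."""
    alpha = 2.5 * eps / steps      # assumed step-size rule: crosses the ball in a few steps
    x = list(x0)                   # no random start, so the run is deterministic
    for _ in range(steps):
        g = input_gradient(x, y)
        x = [xi + alpha * sign(gi) for xi, gi in zip(x, g)]
        # projection: first onto the eps-ball, then onto the data range
        x = [min(max(xi, x0i - eps), x0i + eps) for xi, x0i in zip(x, x0)]
        x = [min(max(xi, lo), hi) for xi in x]
    return x


def linf_distance(a, b):
    return max(abs(ai - bi) for ai, bi in zip(a, b))


# Constructed evaluation set: (input in [0,1]^4, true label); all six are
# classified correctly by the clean model.
DATA = [
    ([0.6, 0.5, 0.4, 0.5], 1),
    ([0.9, 0.8, 0.1, 0.2], 1),
    ([0.2, 0.3, 0.7, 0.8], 0),
    ([0.4, 0.5, 0.5, 0.6], 0),
    ([0.7, 0.3, 0.5, 0.1], 1),
    ([0.3, 0.6, 0.9, 0.4], 0),
]


def robust_accuracy(eps, data=DATA):
    """Fraction of points still classified correctly after PGD at budget eps."""
    correct = sum(predict(pgd_linf(x, y, eps)) == y for x, y in data)
    return correct / len(data)


def accuracy_curve(budgets=(0.0, 0.05, 0.1, 0.2, 0.5, 1.0)):
    return [robust_accuracy(e) for e in budgets]


def curve_is_sane(curve):
    """Evaluation sanity check: robust accuracy must not increase with the
    budget, and with a budget covering the whole input box it must reach 0.
    A curve that violates this says more about the attack than the model."""
    monotone = all(a >= b for a, b in zip(curve, curve[1:]))
    return monotone and curve[-1] == 0.0


if __name__ == "__main__":
    x0, y = DATA[0]
    x_adv = pgd_linf(x0, y, eps=0.1)
    print("clean logit %.2f -> label %d" % (logit(x0), predict(x0)))
    print("adv   logit %.2f -> label %d (L-inf dist %.2f)"
          % (logit(x_adv), predict(x_adv), linf_distance(x_adv, x0)))
    curve = accuracy_curve()
    print("robust accuracy vs eps:", curve, "sane:", curve_is_sane(curve))
```

Because the model here is linear, the gradient sign never changes along the path and the ten PGD steps end where a single FGSM step of size eps would; the iterative projection only starts to matter for non-linear models, where the gradient at the perturbed point differs from the one at the clean point. The sanity check is deliberately weak: it catches an evaluation that is broken, not one that is merely too easy on the defense.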

AdvHat: Real-world adversarial attack on ArcFace Face ID system

papermsucode/advhat 23 Aug 2019

In this paper we propose a novel easily reproducible technique to attack the best public Face ID system ArcFace in different shooting conditions.

Adversarial Attacks and Defenses in Images, Graphs and Text: A Review

I-am-Bot/RobustTorch 17 Sep 2019

In this survey, we review the state-of-the-art algorithms for generating adversarial examples and the countermeasures against adversarial examples, for the three popular data types, i.e., images, graphs and text.

BERT-ATTACK: Adversarial Attack Against BERT Using BERT

QData/TextAttack EMNLP 2020

Adversarial attacks for discrete data (such as texts) have been proved significantly more challenging than continuous data (such as images) since it is difficult to generate adversarial samples with gradient-based methods.
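With discrete inputs there is no continuous direction to step in, so a text attack becomes a search: score which tokens matter, propose replacements for them, keep the replacement that hurts the classifier most, stop once the label flips. The following is an added example of that search loop, not BERT-ATTACK's code or the TextAttack implementation. It uses a constructed bag-of-words sentiment lexicon as the victim classifier and a constructed candidate table as a stand-in for the masked-language-model proposals BERT-ATTACK draws on; the sentence is constructed too. Importance is measured by deleting a word and watching the score drop, the discrete counterpart of a gradient.

```python
"""Greedy word-substitution attack on a toy bag-of-words sentiment
classifier, in pure Python.  Added example: the lexicon, the candidate
table and the sentence are constructed; the candidate table stands in for
the masked-language-model proposals BERT-ATTACK uses, which this toy does
not reproduce."""

# Constructed lexicon: word -> sentiment weight (unknown words score 0)
LEXICON = {"great": 2.0, "love": 1.5, "good": 1.0, "fine": 0.5,
           "okay": 0.2, "dull": -1.0, "bad": -1.5, "awful": -2.0,
           "not": -0.8}

# Constructed candidate substitutions (stand-in for an MLM's top-k proposals)
CANDIDATES = {"great": ["good", "fine", "okay"],
              "love": ["like", "enjoy"],
              "good": ["fine", "okay", "dull"],
              "acting": ["performance", "cast"]}


def score(tokens):
    return sum(LEXICON.get(t, 0.0) for t in tokens)


def predict(tokens):
    return "pos" if score(tokens) > 0 else "neg"


def word_importance(tokens, label):
    """Importance = how much the score towards `label` drops when the word is
    deleted (the discrete analogue of a gradient; BERT-ATTACK masks it)."""
    sgn = 1.0 if label == "pos" else -1.0
    base = sgn * score(tokens)
    return [base - sgn * score(tokens[:i] + tokens[i + 1:])
            for i in range(len(tokens))]


def greedy_attack(tokens, max_subs=2):
    """Replace words in decreasing order of importance with the candidate
    that lowers the score for the current label most; stop at the first
    label flip or after max_subs substitutions (the perturbation budget).
    Returns (adversarial tokens, substitutions made, success flag)."""
    label = predict(tokens)
    sgn = 1.0 if label == "pos" else -1.0
    imp = word_importance(tokens, label)
    order = sorted(range(len(tokens)), key=lambda i: -imp[i])
    adv, subs = list(tokens), 0
    for i in order:
        if subs >= max_subs:
            break
        best, best_score = None, sgn * score(adv)
        for cand in CANDIDATES.get(tokens[i], []):
            trial = adv[:i] + [cand] + adv[i + 1:]
            s = sgn * score(trial)
            if s < best_score:           # keep only candidates that hurt
                best, best_score = cand, s
        if best is None:
            continue
        adv[i] = best
        subs += 1
        if predict(adv) != label:
            return adv, subs, True
    return adv, subs, False


if __name__ == "__main__":
    # Constructed input sentence
    sentence = "the acting was great and the plot was good".split()
    adv, n, ok = greedy_attack(sentence)
    print(predict(sentence), "->", predict(adv), "after", n, "substitutions:", " ".join(adv))
```

The budget on substitutions plays the role that eps plays for images: it is what keeps the result close to the original. The toy lexicon makes no attempt at fluency or meaning preservation, which is exactly the part BERT-ATTACK's masked language model is there to supply.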

Patch-wise Attack for Fooling Deep Neural Network

qilong-zhang/Patch-wise-iterative-attack ECCV 2020

By adding human-imperceptible noise to clean images, the resultant adversarial examples can fool other unknown models.

Beta-CROWN: Efficient Bound Propagation with Per-neuron Split Constraints for Complete and Incomplete Neural Network Robustness Verification

eth-sri/eran NeurIPS 2021

Compared to the typically tightest but very costly semidefinite programming (SDP) based incomplete verifiers, we obtain higher verified accuracy with three orders of magnitude less verification time.
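"Verified accuracy" is a different quantity from the robust accuracy an attack reports: an attack that fails only shows that one search did not find a flip, while a verifier proves that no input in the budget can flip the label. The following is an added example, not code from Beta-CROWN or the eran repository, and it uses plain interval bound propagation (IBP), the simplest incomplete verifier, rather than Beta-CROWN's much tighter bounds. The two-input ReLU network, the points and the budgets are constructed so that one case is certified, one is genuinely robust but IBP cannot prove it (which is what "incomplete" means), and one is genuinely non-robust.

```python
"""Interval bound propagation (IBP), the simplest incomplete robustness
verifier, on a constructed 2-input, 2-hidden-unit ReLU network, in pure
Python.  Added example: the network and points are constructed and the
method is plain IBP, not Beta-CROWN's bound propagation; it only shows
what 'verified' means next to 'no attack found'."""

# Constructed network: h = relu(W1 x + b1), logit z = w2 . h + b2,
# label 1 if z >= 0.  With these weights z = min(x1 + x2, 0.5) - 0.3.
W1 = [[1.0, 1.0], [1.0, 1.0]]
B1 = [0.0, -0.5]
W2 = [1.0, -1.0]
B2 = -0.3


def forward(x):
    h = [max(0.0, sum(w * xi for w, xi in zip(row, x)) + b)
         for row, b in zip(W1, B1)]
    return sum(w * hi for w, hi in zip(W2, h)) + B2


def affine_bounds(lo, hi, W, b):
    """Interval arithmetic for y = W x + b with x in [lo, hi], per output row."""
    out_lo, out_hi = [], []
    for row, bi in zip(W, b):
        l = sum(min(w * a, w * c) for w, a, c in zip(row, lo, hi)) + bi
        u = sum(max(w * a, w * c) for w, a, c in zip(row, lo, hi)) + bi
        out_lo.append(l)
        out_hi.append(u)
    return out_lo, out_hi


def ibp_logit_bounds(x0, eps, box=(0.0, 1.0)):
    """Sound lower/upper bounds on the logit over the L-inf ball, clipped to
    the input box.  Sound but loose: each hidden unit is bounded on its own,
    so correlations between units (here h1 and h2 share x1 + x2) are lost."""
    lo = [max(box[0], xi - eps) for xi in x0]
    hi = [min(box[1], xi + eps) for xi in x0]
    pl, pu = affine_bounds(lo, hi, W1, B1)
    hl = [max(0.0, v) for v in pl]       # ReLU is monotone, so bounds pass through
    hu = [max(0.0, v) for v in pu]
    zl, zu = affine_bounds(hl, hu, [W2], [B2])
    return zl[0], zu[0]


def ibp_verified(x0, eps):
    """True if IBP proves the label cannot change anywhere in the eps-ball."""
    zl, zu = ibp_logit_bounds(x0, eps)
    return zl >= 0 if forward(x0) >= 0 else zu < 0


def grid_attack_found(x0, eps, n=41, box=(0.0, 1.0)):
    """Brute-force search of the 2-D eps-ball on an n x n grid; returns True
    if some point in the ball gets the other label.  Not finding one is NOT
    a certificate; closing that gap is the verifier's job."""
    label = forward(x0) >= 0
    lo = [max(box[0], xi - eps) for xi in x0]
    hi = [min(box[1], xi + eps) for xi in x0]
    for i in range(n):
        for j in range(n):
            x = [lo[0] + (hi[0] - lo[0]) * i / (n - 1),
                 lo[1] + (hi[1] - lo[1]) * j / (n - 1)]
            if (forward(x) >= 0) != label:
                return True
    return False


if __name__ == "__main__":
    for x0, eps in [([0.7, 0.7], 0.02), ([0.7, 0.7], 0.1), ([0.2, 0.15], 0.1)]:
        print(x0, "eps", eps, "bounds", ibp_logit_bounds(x0, eps),
              "verified", ibp_verified(x0, eps),
              "attack found", grid_attack_found(x0, eps))
```

At x0 = (0.7, 0.7) with eps = 0.1 the logit is 0.2 everywhere in the ball, so no attack can succeed, yet IBP only bounds it to [-0.2, 0.6] and returns "not verified"; shrinking eps to 0.02 tightens the bound enough to certify. The verified-accuracy number a paper reports counts only inputs in the certified category, so a tighter verifier raises it without the model changing at all, which is the comparison the Beta-CROWN abstract is making.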

Understanding the Vulnerability of Skeleton-based Human Activity Recognition via Black-box Attack

realcrane/BASAR-Black-box-Attack-on-Skeletal-Action-Recognition 21 Nov 2022

Via BASAR, we find on-manifold adversarial samples are extremely deceitful and rather common in skeletal motions, in contrast to the common belief that adversarial samples only exist off-manifold.