Synthesizing Robust Adversarial Examples

Anish Athalye, Logan Engstrom, Andrew Ilyas, Kevin Kwok
Proceedings of the 35th International Conference on Machine Learning, PMLR 80:284-293, 2018.

Abstract

Standard methods for generating adversarial examples for neural networks do not consistently fool neural network classifiers in the physical world due to a combination of viewpoint shifts, camera noise, and other natural transformations, limiting their relevance to real-world systems. We demonstrate the existence of robust 3D adversarial objects, and we present the first algorithm for synthesizing examples that are adversarial over a chosen distribution of transformations. We synthesize two-dimensional adversarial images that are robust to noise, distortion, and affine transformation. We apply our algorithm to complex three-dimensional objects, using 3D-printing to manufacture the first physical adversarial objects. Our results demonstrate the existence of 3D adversarial objects in the physical world.

Cite this Paper

BibTeX
@InProceedings{pmlr-v80-athalye18b, title = {Synthesizing Robust Adversarial Examples}, author = {Athalye, Anish and Engstrom, Logan and Ilyas, Andrew and Kwok, Kevin}, booktitle = {Proceedings of the 35th International Conference on Machine Learning}, pages = {284--293}, year = {2018}, editor = {Dy, Jennifer and Krause, Andreas}, volume = {80}, series = {Proceedings of Machine Learning Research}, month = {10--15 Jul}, publisher = {PMLR}, pdf = {http://proceedings.mlr.press/v80/athalye18b/athalye18b.pdf}, url = {https://proceedings.mlr.press/v80/athalye18b.html}, abstract = {Standard methods for generating adversarial examples for neural networks do not consistently fool neural network classifiers in the physical world due to a combination of viewpoint shifts, camera noise, and other natural transformations, limiting their relevance to real-world systems. We demonstrate the existence of robust 3D adversarial objects, and we present the first algorithm for synthesizing examples that are adversarial over a chosen distribution of transformations. We synthesize two-dimensional adversarial images that are robust to noise, distortion, and affine transformation. We apply our algorithm to complex three-dimensional objects, using 3D-printing to manufacture the first physical adversarial objects. Our results demonstrate the existence of 3D adversarial objects in the physical world.} }
Endnote
%0 Conference Paper %T Synthesizing Robust Adversarial Examples %A Anish Athalye %A Logan Engstrom %A Andrew Ilyas %A Kevin Kwok %B Proceedings of the 35th International Conference on Machine Learning %C Proceedings of Machine Learning Research %D 2018 %E Jennifer Dy %E Andreas Krause %F pmlr-v80-athalye18b %I PMLR %P 284--293 %U https://proceedings.mlr.press/v80/athalye18b.html %V 80 %X Standard methods for generating adversarial examples for neural networks do not consistently fool neural network classifiers in the physical world due to a combination of viewpoint shifts, camera noise, and other natural transformations, limiting their relevance to real-world systems. We demonstrate the existence of robust 3D adversarial objects, and we present the first algorithm for synthesizing examples that are adversarial over a chosen distribution of transformations. We synthesize two-dimensional adversarial images that are robust to noise, distortion, and affine transformation. We apply our algorithm to complex three-dimensional objects, using 3D-printing to manufacture the first physical adversarial objects. Our results demonstrate the existence of 3D adversarial objects in the physical world.
APA
Athalye, A., Engstrom, L., Ilyas, A. & Kwok, K.. (2018). Synthesizing Robust Adversarial Examples. Proceedings of the 35th International Conference on Machine Learning, in Proceedings of Machine Learning Research 80:284-293 Available from https://proceedings.mlr.press/v80/athalye18b.html.

Related Material