Adversarial Examples: Difference between revisions

From David's Wiki
Line 26: Line 26:
==NLP==
==NLP==
* [https://arxiv.org/abs/1901.06796 Adversarial Attacks on Deep Learning Models in Natural Language Processing: A Survey]
* [https://arxiv.org/abs/1901.06796 Adversarial Attacks on Deep Learning Models in Natural Language Processing: A Survey]
===Benchmark Datasets===
====Text classification====
Semantic Analysis, gender identification, grammer error detection

Revision as of 21:27, 16 November 2019

An adversarial example tries to trick a neural network by applying a small worst-case perturbation to a real example.
These were also introduced by Ian Goodfellow.
The first two papers introducing adversarial examples are:

Attacks

L-BFGS

Limited memory Broyden-Fletcher-Goldfarb-Shanno (L-BFGS)
This is used by Szegedy et al in their paper.

Fast Gradient Sign Method

The fast gradient sign method (FGSM) using the sign of the gradient times a unit vector as the perturbation.
This was proposed by Ian Goodfellow in his paper.

Projected Gradient Descent

Basic idea: Do gradient descent. If you go too far from your example, project it back into your perturbation range.
This was proposed by Madry et al.

Defenses

Most defenses focus on generating adversarial examples during training time and training on those adversarial examples.
Below are some alternatives to this approach.

Interval Bound Propagation

Interval Bound Propagation (IBP)
A paper

NLP

Benchmark Datasets

Text classification

Semantic Analysis, gender identification, grammer error detection