5,337
edits
Adversarial Examples: Difference between revisions
→Fast Gradient Sign Method
No edit summary |
|||
| (3 intermediate revisions by the same user not shown) | |||
| Line 7: | Line 7: | ||
==Attacks== | ==Attacks== | ||
===L-BFGS=== | ===L-BFGS=== | ||
Limited memory Broyden- | Limited memory Broyden-Fletcher-Goldfarb-Shanno (L-BFGS)<br> | ||
This is used by Szegedy et al in their paper. | This is used by Szegedy et al in their paper. | ||
===Fast Gradient Sign Method=== | ===Fast Gradient Sign Method=== | ||
The fast gradient sign method (FGSM) | The fast gradient sign method (FGSM) uses the sign of the gradient times a unit vector as the perturbation.<br> | ||
This was proposed by Ian Goodfellow in his paper.<br> | This was proposed by Ian Goodfellow in his paper.<br> | ||
===Projected Gradient Descent=== | ===Projected Gradient Descent=== | ||
Basic idea: Do gradient descent. If you go too far from your example, project it back into your perturbation range.<br> | Basic idea: Do gradient descent. If you go too far from your example, project it back into your perturbation range.<br> | ||
This was proposed by Madry et al.<br> | This was proposed by Madry et al. in their 2017 paper [https://arxiv.org/abs/1706.06083 Towards Deep Learning Models Resistant to Adversarial Attacks].<br> | ||
==Defenses== | ==Defenses== | ||
| Line 25: | Line 27: | ||
==NLP== | ==NLP== | ||
* [https://arxiv.org/abs/1901.06796 Adversarial Attacks on Deep Learning Models in Natural Language Processing: A Survey] | * [https://arxiv.org/abs/1901.06796 Adversarial Attacks on Deep Learning Models in Natural Language Processing: A Survey] | ||
===Benchmark Datasets=== | |||
====Text classification==== | |||
Semantic Analysis, gender identification, grammer error detection | |||