Local approximations of deep learning models for black-box adversarial attacks
This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. === Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2019 === Cataloged from student-sub...
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Others |
| Language: | English |
| Published: |
Massachusetts Institute of Technology
2019
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/1721.1/121687 |
| id |
ndltd-MIT-oai-dspace.mit.edu-1721.1-121687 |
|---|---|
| record_format |
oai_dc |
| spelling |
ndltd-MIT-oai-dspace.mit.edu-1721.1-1216872019-07-25T04:18:39Z Local approximations of deep learning models for black-box adversarial attacks Sun, Michael(Michael Z.) Aleksander Madry. Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science. Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science Electrical Engineering and Computer Science. This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2019 Cataloged from student-submitted PDF version of thesis. Includes bibliographical references (pages 45-47). We study the problem of generating adversarial examples for image classifiers in the black-box setting (when the model is available only as an oracle). We unify two seemingly orthogonal and concurrent lines of work in black-box adversarial generation: query-based attacks and substitute models. In particular, we reinterpret adversarial transferability as a strong gradient prior. Based on this unification, we develop a method for integrating model-based priors into the generation of black-box attacks. The resulting algorithms significantly improve upon the current state-of-the-art in black-box adversarial attacks across a wide range of threat models. by Michael Sun. M. Eng. M.Eng. Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science 2019-07-15T20:34:16Z 2019-07-15T20:34:16Z 2019 2019 Thesis https://hdl.handle.net/1721.1/121687 1102057729 eng MIT theses are protected by copyright. They may be viewed, downloaded, or printed from this source but further reproduction or distribution in any format is prohibited without written permission. http://dspace.mit.edu/handle/1721.1/7582 47 pages application/pdf Massachusetts Institute of Technology |
| collection |
NDLTD |
| language |
English |
| format |
Others
|
| sources |
NDLTD |
| topic |
Electrical Engineering and Computer Science. |
| spellingShingle |
Electrical Engineering and Computer Science. Sun, Michael(Michael Z.) Local approximations of deep learning models for black-box adversarial attacks |
| description |
This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. === Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2019 === Cataloged from student-submitted PDF version of thesis. === Includes bibliographical references (pages 45-47). === We study the problem of generating adversarial examples for image classifiers in the black-box setting (when the model is available only as an oracle). We unify two seemingly orthogonal and concurrent lines of work in black-box adversarial generation: query-based attacks and substitute models. In particular, we reinterpret adversarial transferability as a strong gradient prior. Based on this unification, we develop a method for integrating model-based priors into the generation of black-box attacks. The resulting algorithms significantly improve upon the current state-of-the-art in black-box adversarial attacks across a wide range of threat models. === by Michael Sun. === M. Eng. === M.Eng. Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science |
| author2 |
Aleksander Madry. |
| author_facet |
Aleksander Madry. Sun, Michael(Michael Z.) |
| author |
Sun, Michael(Michael Z.) |
| author_sort |
Sun, Michael(Michael Z.) |
| title |
Local approximations of deep learning models for black-box adversarial attacks |
| title_short |
Local approximations of deep learning models for black-box adversarial attacks |
| title_full |
Local approximations of deep learning models for black-box adversarial attacks |
| title_fullStr |
Local approximations of deep learning models for black-box adversarial attacks |
| title_full_unstemmed |
Local approximations of deep learning models for black-box adversarial attacks |
| title_sort |
local approximations of deep learning models for black-box adversarial attacks |
| publisher |
Massachusetts Institute of Technology |
| publishDate |
2019 |
| url |
https://hdl.handle.net/1721.1/121687 |
| work_keys_str_mv |
AT sunmichaelmichaelz localapproximationsofdeeplearningmodelsforblackboxadversarialattacks |
| _version_ |
1719229517619265536 |