Title: How Wrong Am I? - Studying Adversarial Examples and their Impact on Uncertainty in Gaussian Process Machine Learning Models

Abstract: Machine learning models are vulnerable to Adversarial Examples: minor perturbations to input samples intended to deliberately cause misclassification. Current defenses against adversarial examples, especially for Deep Neural Networks (DNN), are primarily derived from empirical developments, and their security guarantees are often only justified retroactively. Many defenses therefore rely on hidden assumptions that are subsequently subverted by increasingly elaborate attacks. This is not surprising: deep learning notoriously lacks a comprehensive mathematical framework to provide meaningful guarantees.
In this paper, we leverage Gaussian Processes to investigate adversarial examples in the framework of Bayesian inference. Across different models and datasets, we find deviating levels of uncertainty reflect the perturbation introduced to benign samples by state-of-the-art attacks, including novel white-box attacks on Gaussian Processes. Our experiments demonstrate that even unoptimized uncertainty thresholds already reject adversarial examples in many scenarios.
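The rejection mechanism the abstract describes, as an added illustration that is not code from the paper or its authors: a toy one-dimensional Gaussian process regression with an RBF kernel, fitted on a constructed training set, whose predictive variance is compared against a threshold before a prediction is accepted. The training points, the length scale, the noise variance and the threshold are all assumptions chosen for the toy, not values taken from the paper; the point is only that predictive variance grows as an input moves away from the training data, so a variance gate can refuse to classify such inputs.

```python
import math

# Constructed toy training set (an assumption, not data from the paper):
# 1-D inputs carrying a 0/1 label, treated as GP regression on the label.
TRAIN_X = [0.0, 0.5, 1.0, 1.5, 2.0]
TRAIN_Y = [0.0, 0.0, 0.0, 1.0, 1.0]
LENGTH_SCALE = 0.5   # RBF length scale, chosen for the toy
NOISE_VAR = 0.1      # observation-noise variance added to the diagonal


def rbf(a, b, ell=LENGTH_SCALE):
    """Squared-exponential kernel with unit signal variance."""
    return math.exp(-((a - b) ** 2) / (2.0 * ell * ell))


def cholesky(a):
    """Lower-triangular L with L L^T = a, for a symmetric positive-definite matrix."""
    n = len(a)
    lower = [[0.0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1):
            s = a[i][j] - sum(lower[i][k] * lower[j][k] for k in range(j))
            lower[i][j] = math.sqrt(s) if i == j else s / lower[j][j]
    return lower


def forward_solve(lower, b):
    """Solve L v = b for lower-triangular L by forward substitution."""
    n = len(b)
    v = [0.0] * n
    for i in range(n):
        v[i] = (b[i] - sum(lower[i][k] * v[k] for k in range(i))) / lower[i][i]
    return v


def fit(xs=TRAIN_X, ys=TRAIN_Y):
    """Precompute the Cholesky factor of K + sigma_n^2 I and w = L^-1 y."""
    n = len(xs)
    gram = [[rbf(xs[i], xs[j]) + (NOISE_VAR if i == j else 0.0) for j in range(n)]
            for i in range(n)]
    lower = cholesky(gram)
    return {"xs": xs, "L": lower, "w": forward_solve(lower, ys)}


def predict(model, x):
    """Posterior mean and variance at x using the standard Cholesky form:
    mean = k*^T (K + s^2 I)^-1 y, var = k(x,x) - k*^T (K + s^2 I)^-1 k*."""
    kstar = [rbf(x, xi) for xi in model["xs"]]
    v = forward_solve(model["L"], kstar)          # v = L^-1 k*
    mean = sum(vi * wi for vi, wi in zip(v, model["w"]))
    var = rbf(x, x) - sum(vi * vi for vi in v)   # ||L^-1 k*||^2 = k*^T (LL^T)^-1 k*
    return mean, var


def reject(model, x, threshold):
    """Uncertainty gate: refuse to classify when predictive variance exceeds the threshold."""
    _, var = predict(model, x)
    return var > threshold


if __name__ == "__main__":
    m = fit()
    # Inputs on the training manifold keep low variance; inputs pushed away from it
    # approach the prior variance (1.0) and are rejected by the gate.
    for x in (1.0, 1.25, 3.0, 5.0):
        mean, var = predict(m, x)
        print(f"x={x:4.2f} mean={mean:+.3f} var={var:.3f} reject={reject(m, x, 0.5)}")
```

The gate is deliberately naive: a fixed threshold on variance, which is what the abstract calls an unoptimized threshold. The comments on this page point out that such thresholds can be circumvented by attacks that constrain the perturbation to keep uncertainty low, so the variance check should be read as one signal, not a complete defense.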
Comment (v3): Thresholds can be broken in a modified attack, which was done in arXiv:1812.02606 (The limitations of model uncertainty in adversarial settings).
Comment (v4): Reasoning incomplete. Fixed issue in arXiv:1812.02606 (The limitations of model uncertainty in adversarial settings).
Subjects: Cryptography and Security (cs.CR); Machine Learning (cs.LG); Machine Learning (stat.ML)
Cite as: arXiv:1711.06598 [cs.CR]
  (or arXiv:1711.06598v4 [cs.CR] for this version)

Submission history

From: Kathrin Grosse
[v1] Fri, 17 Nov 2017 15:46:44 GMT (1066kb,D)
[v2] Tue, 13 Feb 2018 09:06:33 GMT (1728kb,D)
[v3] Fri, 16 Feb 2018 09:37:19 GMT (1728kb,D)
[v4] Thu, 3 Jan 2019 12:29:59 GMT (0kb,I)