Vulnerability of classifiers to evolutionary generated adversarial examples

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F67985807%3A_____%2F20%3A00485639" target="_blank" >RIV/67985807:_____/20:00485639 - isvavai.cz</a>

Výsledek na webu

<a href="http://dx.doi.org/10.1016/j.neunet.2020.04.015" target="_blank" >http://dx.doi.org/10.1016/j.neunet.2020.04.015</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1016/j.neunet.2020.04.015" target="_blank" >10.1016/j.neunet.2020.04.015</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Vulnerability of classifiers to evolutionary generated adversarial examples

Popis výsledku v původním jazyce

This paper deals with the vulnerability of machine learning models to adversarial examples and its implication for robustness and generalization properties. We propose an evolutionary algorithm that can generate adversarial examples for any machine learning model in the black-box attack scenario. This way, we can find adversarial examples without access to model’s parameters, only by querying the model at hand. We have tested a range of machine learning models including deep and shallow neural networks. Our experiments have shown that the vulnerability to adversarial examples is not only the problem of deep networks, but it spreads through various machine learning architectures. Rather, it depends on the type of computational units. Local units, such as Gaussian kernels, are less vulnerable to adversarial examples.

Název v anglickém jazyce

Vulnerability of classifiers to evolutionary generated adversarial examples

Popis výsledku anglicky

This paper deals with the vulnerability of machine learning models to adversarial examples and its implication for robustness and generalization properties. We propose an evolutionary algorithm that can generate adversarial examples for any machine learning model in the black-box attack scenario. This way, we can find adversarial examples without access to model’s parameters, only by querying the model at hand. We have tested a range of machine learning models including deep and shallow neural networks. Our experiments have shown that the vulnerability to adversarial examples is not only the problem of deep networks, but it spreads through various machine learning architectures. Rather, it depends on the type of computational units. Local units, such as Gaussian kernels, are less vulnerable to adversarial examples.

Druh

J_imp - Článek v periodiku v databázi Web of Science

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

<a href="/cs/project/GA18-23827S" target="_blank" >GA18-23827S: Schopnosti a omezení mělkých a hlubokých sítí</a><br>

Návaznosti

I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace

Rok uplatnění

2020

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název periodika

Neural Networks

ISSN

0893-6080

e-ISSN

—

Svazek periodika

127

Číslo periodika v rámci svazku

July

Stát vydavatele periodika

GB - Spojené království Velké Británie a Severního Irska

Počet stran výsledku

14

Strana od-do

168-181

Kód UT WoS článku

000536453100016

EID výsledku v databázi Scopus

2-s2.0-85083895880