Using Wasserstein GAN to generate high quality adversarial examples

Xiong, Zhihan

Permalink

https://hdl.handle.net/2142/100047 Copy

Description

Title

Using Wasserstein GAN to generate high quality adversarial examples

Author(s)

Xiong, Zhihan

Contributor(s)

Moulin, Pierre

Issue Date

2018-05

Keyword(s)

• adversarial machine learning
• white-box targeted attack
• Wasserstein GAN
• neural networks

Abstract

Although Deep Neural Networks (DNNs) have state-of-the-art performance in various machine learning tasks, in recent years, they are found to be vulnerable to so-called adversarial examples Specifically, take x is an element of D on which a neural network has very high classification accuracy. It is possible to find some small perturbation Δx so that even though the difference between x and x + Δx = x′ is almost imperceptible to humans, the given neural network is very likely to incorrectly classify x + Δx. Several gradient and optimization based methods have been proposed to create such adversarial examples x′, but many of them cannot achieve high speed and high quality x′ simultaneously. In this thesis, we propose a new algorithm to generate adversarial examples based on Generative Adversarial Networks (GANs), specifically, a modification to the training algorithm of the Improved Wasserstein GAN. The trained generator is able to create x′ very similar to the original x while keeping the classification accuracy of the target model as low as the state-of-the-art attack. Furthermore, although training a GAN might be slow, after it is trained, it can generate adversarial examples much faster than previous optimization-based methods. Our goal is for this work to be used for further research on robust neural networks.

Type of Resource

text

Language

en

Permalink

http://hdl.handle.net/2142/100047

Owning Collections