adversarial example
Deep neural networks (DNNs) are vulnerable to carefully crafted inputs called adversarial examples. The adversarial perturbation added to a legitimate input is imperceptible to humans, yet it reliably causes the DNN to misclassify at test/deployment time, without any change to the model itself.
While trying to understand decision making in neural networks, Szegedy et al. discovered adversarial examples in 2014.
Adversarial examples also transfer to the real world. For instance, an adversary can construct physical adversarial examples by altering a stop sign so that the traffic-sign recognition system of an autonomous vehicle misreads it.
adversarial example in conventional machine learning
Adversarial examples against conventional ML models have been studied for decades. The primary targets are ML-based systems built on handcrafted features, such as spam filters, intrusion detection, biometric authentication, and fraud detection. For example, spammers evade a spam filter by inserting extra characters or benign-looking words into a message so that its features no longer look like spam.
Crafting adversarial examples against conventional ML requires knowledge of the feature-extraction pipeline (tokenizer, vocabulary, handcrafted features), whereas DL models usually take raw data as input, so the attacker can perturb the input directly.
- DL models usually work directly on raw data without an explicit feature-extraction step. Consequently, adversarial attacks on DL models focus on perturbing the raw input itself (for example, pixel values) to fool the model.
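The contrast between the two settings above (the spam-filter evasion in the conventional-ML paragraph and the raw-input perturbation in this list) is easiest to see side by side. The following is an added example, not code from the original note or from any cited paper. Part A evades a toy bag-of-words spam filter by appending ham-like vocabulary words, which only works because the attacker knows the tokenizer and vocabulary. Part B perturbs raw "pixels" with the fast gradient sign method (FGSM, Goodfellow et al. 2015; the note itself does not name a specific attack), using a single logistic unit as a stand-in for a network, since the gradient-sign step is the same for any differentiable model and only the gradient computation changes. All weights, vocabulary, messages and the input image are constructed for illustration.

```python
"""Feature-space evasion (conventional ML) vs raw-input perturbation (DL-style).

Pure Python, no third-party dependencies. Every weight, vocabulary entry,
message and image below is constructed for this example.
"""
import math
import re

# ---------- Part A: evading a bag-of-words spam filter via its features ----------
# Constructed vocabulary weights: positive = spam-like, negative = ham-like.
SPAM_WEIGHTS = {
    "free": 2.0, "winner": 2.5, "click": 1.5, "prize": 2.0,
    "meeting": -1.5, "project": -1.2, "schedule": -1.1, "regards": -1.0,
    "invoice": -0.9, "attached": -0.8, "thanks": -0.7,
}
SPAM_BIAS = -0.5


def extract_features(text):
    """Handcrafted feature extraction: binary presence of vocabulary tokens."""
    tokens = set(re.findall(r"[a-z]+", text.lower()))
    return {tok: 1 for tok in SPAM_WEIGHTS if tok in tokens}


def spam_score(text):
    """Linear score over the handcrafted features; > 0 means spam."""
    return SPAM_BIAS + sum(SPAM_WEIGHTS[t] for t in extract_features(text))


def is_spam(text):
    return spam_score(text) > 0


def good_word_attack(text):
    """Append the most ham-like vocabulary words until the filter says ham.

    The attacker needs the tokenizer and the vocabulary (the feature extractor);
    the words are chosen so a human still reads the original spam pitch.
    Returns (modified_text, words_added).
    """
    present = extract_features(text)
    candidates = sorted(
        (w for w, wt in SPAM_WEIGHTS.items() if wt < 0 and w not in present),
        key=lambda w: SPAM_WEIGHTS[w],
    )
    added = []
    for word in candidates:
        if not is_spam(text):
            break
        text = text + " " + word
        added.append(word)
    return text, added


# ---------- Part B: FGSM on raw pixel input ----------
# One logistic unit over 16 "pixels" in [0, 1]. For a deeper network only
# input_gradient() would change (backpropagation to the input layer).
PIXEL_WEIGHTS = [2.0, -2.0] * 8
PIXEL_BIAS = 0.0
CLEAN_IMAGE = [0.55, 0.5] * 8  # constructed: logit 0.8, classified as class 1


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def predict_prob(x):
    """P(class 1 | x) for a raw pixel vector x."""
    z = PIXEL_BIAS + sum(w * xi for w, xi in zip(PIXEL_WEIGHTS, x))
    return sigmoid(z)


def input_gradient(x, y):
    """d(binary cross-entropy)/dx for true label y: (p - y) * w for a logistic unit."""
    p = predict_prob(x)
    return [(p - y) * w for w in PIXEL_WEIGHTS]


def fgsm(x, y, eps):
    """Fast gradient sign method: move each pixel by exactly eps in the
    direction that increases the loss, then clip back into [0, 1].
    The L-infinity size of the perturbation is therefore at most eps."""
    grad = input_gradient(x, y)
    step = [eps * ((g > 0) - (g < 0)) for g in grad]  # eps * sign(g)
    return [min(1.0, max(0.0, xi + si)) for xi, si in zip(x, step)]


def run_fgsm_demo(eps):
    """Attack CLEAN_IMAGE (true label 1) with budget eps; report both predictions."""
    adv = fgsm(CLEAN_IMAGE, 1, eps)
    return {
        "clean_prob": predict_prob(CLEAN_IMAGE),
        "adv_prob": predict_prob(adv),
        "max_pixel_change": max(abs(a - c) for a, c in zip(adv, CLEAN_IMAGE)),
    }


if __name__ == "__main__":
    msg = "Click here for your FREE prize"
    evaded, added = good_word_attack(msg)
    print(f"spam? {is_spam(msg)} -> after adding {added}: spam? {is_spam(evaded)}")
    for eps in (0.01, 0.05):
        r = run_fgsm_demo(eps)
        print(f"eps={eps}: clean p={r['clean_prob']:.2f}, adversarial p={r['adv_prob']:.2f}, "
              f"max pixel change={r['max_pixel_change']:.2f}")
```

With these constructed weights the spam message needs five appended ham words before the score drops below zero, while the image flips from class 1 (p about 0.69) to class 0 (p about 0.31) with every pixel moved by only 0.05; a budget of 0.01 is not enough to cross the decision boundary. The point is the difference in attacker knowledge: Part A is impossible without the feature extractor, Part B needs only gradients of the loss with respect to the raw input.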