Adversarial Transfer Attacks with Unknown Data and Class Overlap
| dc.contributor.author | Richards, Luke E. | |
| dc.contributor.author | Nguyen, André | |
| dc.contributor.author | Capps, Ryan | |
| dc.contributor.author | Forsythe, Steven | |
| dc.contributor.author | Matuszek, Cynthia | |
| dc.contributor.author | Raff, Edward | |
| dc.date.accessioned | 2022-04-21T14:29:54Z | |
| dc.date.available | 2022-04-21T14:29:54Z | |
| dc.date.issued | 2021-11-15 | |
| dc.description | AISec ’21, November 15, 2021, Virtual Event, Republic of Korea | en_US |
| dc.description.abstract | The ability to transfer adversarial attacks from one model (the surrogate) to another model (the victim) has been an issue of concern within the machine learning (ML) community. The ability to successfully evade unseen models represents an uncomfortable level of ease toward implementing attacks. In this work we note that as studied, current transfer attack research has an unrealistic advantage for the attacker: the attacker has the exact same training data as the victim. We present the first study of transferring adversarial attacks focusing on the data available to attacker and victim under imperfect settings without querying the victim, where there is some variable level of overlap in the exact data used or in the classes learned by each model. This threat model is relevant to applications in medicine, malware, and others. Under this new threat model attack success rate is not correlated with data or class overlap in the way one would expect, and varies with dataset. This makes it difficult for attacker and defender to reason about each other and contributes to the broader study of model robustness and security. We remedy this by developing a masked version of Projected Gradient Descent that simulates class disparity, which enables the attacker to reliably estimate a lower-bound on their attack's success. | en_US |
| dc.description.uri | https://dl.acm.org/doi/abs/10.1145/3474369.3486862 | en_US |
| dc.format.extent | 12 pages | en_US |
| dc.genre | conference papers and proceedings | en_US |
| dc.identifier | doi:10.13016/m2qy0t-fbbz | |
| dc.identifier.citation | Luke E. Richards, André Nguyen, Ryan Capps, Steven Forsyth, Cynthia Matuszek, and Edward Raff. 2021. Adversarial Transfer Attacks With Unknown Data and Class Overlap. In Proceedings of the 14th ACM Workshop on Artificial Intelligence and Security (AISec '21). Association for Computing Machinery, New York, NY, USA, 13–24. https://doi.org/10.1145/3474369.3486862 | en_US |
| dc.identifier.uri | https://doi.org/10.1145/3474369.3486862 | |
| dc.identifier.uri | http://hdl.handle.net/11603/24608 | |
| dc.language.iso | en_US | en_US |
| dc.publisher | ACM | en_US |
| dc.relation.isAvailableAt | The University of Maryland, Baltimore County (UMBC) | |
| dc.relation.ispartof | UMBC Computer Science and Electrical Engineering Department Collection | |
| dc.relation.ispartof | UMBC Faculty Collection | |
| dc.rights | This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author. | en_US |
| dc.subject | UMBC Interactive Robotics and Language Lab | |
| dc.title | Adversarial Transfer Attacks with Unknown Data and Class Overlap | en_US |
| dc.type | Text | en_US |
| dcterms.creator | https://orcid.org/0000-0003-1383-8120 |
Files
License bundle
1 - 1 of 1
No Thumbnail Available
- Name:
- license.txt
- Size:
- 2.56 KB
- Format:
- Item-specific license agreed upon to submission
- Description: