vikramnitin9/adversarial-learning-literature
Adversarial learning literature

This repo is an attempt to catalog and keep track of publications in the field of Adversarial Machine Learning, grouped by venue and, within each venue, by type: Adversarial Attacks, Defences, Robustness Verification and Analysis. Feel free to open a PR if there are papers I have missed, or if you'd like to add papers from a conference not in this list.

NeurIPS 2019

Attacks

  1. Subspace Attack: Exploiting Promising Subspaces for Query-Efficient Black-box Attacks
  2. Functional Adversarial Attacks
  3. Cross-Modal Learning with Adversarial Samples
  4. Improving Black-box Adversarial Attacks with a Transfer-based Prior
  5. Adversarial Music: Real world Audio Adversary against Wake-word Detection System
  6. Cross-Domain Transferability of Adversarial Perturbations
  7. Fooling Neural Network Interpretations via Adversarial Model Manipulation

Defences

  1. Metric Learning for Adversarial Robustness
  2. Defense Against Adversarial Attacks Using Feature Scattering-based Adversarial Training
  3. Adversarial training for free!
  4. On Single Source Robustness in Deep Fusion Models
  5. Certified Adversarial Robustness with Additive Noise
  6. Certifiable Robustness to Graph Perturbations
  7. Unlabeled Data Improves Adversarial Robustness
  8. Provably Robust Deep Learning via Adversarially Trained Smoothed Classifiers
  9. Provably robust boosted decision stumps and trees against adversarial attacks
  10. Adversarial Robustness through Local Linearization
  11. Using Self-Supervised Learning Can Improve Model Robustness and Uncertainty
  12. A New Defense Against Adversarial Images: Turning a Weakness into a Strength

Verification

  1. Tight Certificates of Adversarial Robustness for Randomly Smoothed Classifiers
  2. A Convex Relaxation Barrier to Tight Robustness Verification of Neural Networks
  3. Robustness Verification of Tree-based Models
  4. Accurate, reliable and fast robustness evaluation
  5. Provable Certificates for Adversarial Examples: Fitting a Ball in the Union of Polytopes

Analysis

  1. Adversarial Examples Are Not Bugs, They Are Features
  2. Image Synthesis with a Single (Robust) Classifier
  3. Model Compression with Adversarial Robustness: A Unified Optimization Framework
  4. Robustness to Adversarial Perturbations in Learning from Incomplete Data
  5. Adversarial Training and Robustness for Multiple Perturbations
  6. On the Hardness of Robust Classification
  7. Theoretical evidence for adversarial robustness through randomization
  8. Are Labels Required for Improving Adversarial Robustness?
  9. Theoretical Analysis of Adversarial Learning: A Minimax Approach
  10. Convergence of Adversarial Training in Overparametrized Neural Networks
  11. A Fourier Perspective on Model Robustness in Computer Vision
  12. On Robustness to Adversarial Examples and Polynomial Optimization
  13. On Relating Explanations and Adversarial Examples

ICML 2019

Attacks

  1. Adversarial Attacks on Node Embeddings via Graph Poisoning
  2. Adversarial camera stickers: A physical camera-based attack on deep learning systems
  3. NATTACK: Learning the Distributions of Adversarial Examples for an Improved Black-Box Attack on Deep Neural Networks
  4. Wasserstein Adversarial Examples via Projected Sinkhorn Iterations
  5. Imperceptible, Robust, and Targeted Adversarial Examples for Automatic Speech Recognition
  6. Parsimonious Black-Box Adversarial Attacks via Efficient Combinatorial Optimization
  7. Simple Black-box Adversarial Attacks

Defences

  1. Improving Adversarial Robustness via Promoting Ensemble Diversity
  2. Robust Decision Trees Against Adversarial Examples
  3. The Odds are Odd: A Statistical Test for Detecting Adversarial Examples
  4. Using Pre-Training Can Improve Model Robustness and Uncertainty
  5. ME-Net: Towards Effective Adversarial Robustness with Matrix Estimation
  6. Certified Adversarial Robustness via Randomized Smoothing

Verification

  1. On Certifying Non-uniform Bounds against Adversarial Attacks
  2. PROVEN: Verifying Robustness of Neural Networks with a Probabilistic Approach

Analysis

  1. First-order Adversarial Vulnerability of Neural Networks and Input Dimension
  2. On the Convergence and Robustness of Adversarial Training
  3. On the Connection Between Adversarial Robustness and Saliency Map Interpretability
  4. Adversarial examples from computational constraints
  5. Limitations of Adversarial Robustness: Strong No Free Lunch Theorem
  6. Rademacher Complexity for Adversarially Robust Generalization
  7. POPQORN: Quantifying Robustness of Recurrent Neural Networks
  8. Are Generative Classifiers More Robust to Adversarial Attacks?
  9. Theoretically Principled Trade-off between Robustness and Accuracy
  10. Adversarial Examples Are a Natural Consequence of Test Error in Noise
  11. Exploring the Landscape of Spatial Robustness
  12. Interpreting Adversarially Trained Convolutional Neural Networks

ICLR 2019

Attacks

  1. Adversarial Attacks on Graph Neural Networks via Meta Learning
  2. Prior Convictions: Black-box Adversarial Attacks with Bandits and Priors
  3. Beyond Pixel Norm-Balls: Parametric Adversaries using an Analytically Differentiable Renderer
  4. ADef: an Iterative Algorithm to Construct Adversarial Deformations
  5. Structured Adversarial Attack: Towards General Implementation and Better Interpretability
  6. The Limitations of Adversarial Training and the Blind-Spot Attack
  7. CAMOU: Learning Physical Vehicle Camouflages to Adversarially Attack Detectors in the Wild

Defences

  1. Cost-Sensitive Robustness against Adversarial Examples
  2. Generalizable Adversarial Training via Spectral Normalization
  3. Towards the first adversarially robust neural network model on MNIST
  4. PeerNets: Exploiting Peer Wisdom Against Adversarial Attacks
  5. Characterizing Audio Adversarial Examples Using Temporal Dependency
  6. Improving the Generalization of Adversarial Training with Domain Adaptation
  7. Adv-BNN: Improved Adversarial Defense through Robust Bayesian Neural Network
  8. Adversarial Reprogramming of Neural Networks
  9. Defensive Quantization: When Efficiency Meets Robustness

Verification

  1. Rigorous Agent Evaluation: An Adversarial Approach to Uncover Catastrophic Failures
  2. Training for Faster Adversarial Robustness Verification via Inducing ReLU Stability
  3. Benchmarking Neural Network Robustness to Common Corruptions and Perturbations
  4. Evaluating Robustness of Neural Networks with Mixed Integer Programming
  5. A Statistical Approach to Assessing Neural Network Robustness
  6. Robustness Certification with Refinement

Analysis

  1. Excessive Invariance Causes Adversarial Vulnerability
  2. On the Sensitivity of Adversarial Robustness to Input Data Distributions
  3. Robustness May Be at Odds with Accuracy
  4. Are adversarial examples inevitable?

NIPS 2018

Attacks

  1. Adversarial Examples that Fool both Computer Vision and Time-Limited Humans
  2. Adversarial Attacks on Stochastic Bandits
  3. Constructing Unrestricted Adversarial Examples with Generative Models

Defences

  1. Deep Defense: Training DNNs with Improved Adversarial Robustness
  2. Scaling provable adversarial defenses
  3. Thwarting Adversarial Examples: An L_0-Robust Sparse Fourier Transform
  4. Bayesian Adversarial Learning
  5. Towards Robust Detection of Adversarial Examples
  6. Attacks Meet Interpretability: Attribute-steered Detection of Adversarial Samples
  7. Robust Detection of Adversarial Attacks by Modeling the Intrinsic Properties of Deep Neural Networks
  8. A Simple Unified Framework for Detecting Out-of-Distribution Samples and Adversarial Attacks

Verification

  1. Semidefinite relaxations for certifying robustness to adversarial examples

Analysis

  1. Adversarially Robust Generalization Requires More Data
  2. A Spectral View of Adversarially Robust Features
  3. Adversarial vulnerability for any classifier
  4. Adversarial Risk and Robustness: General Definitions and Implications for the Uniform Distribution

ICML 2018

Attacks

  1. Synthesizing Robust Adversarial Examples
  2. Adversarial Risk and the Dangers of Evaluating Against Weak Attacks
  3. Black-box Adversarial Attacks with Limited Queries and Information
  4. Adversarial Attack on Graph Structured Data
  5. Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples
  6. LaVAN: Localized and Visible Adversarial Noise

Defences

  1. Provable Defenses against Adversarial Examples via the Convex Outer Adversarial Polytope
  2. Reinforcing Adversarial Robustness using Model Confidence Induced by Adversarial Training
  3. Differentiable Abstract Interpretation for Provably Robust Neural Networks

Verification

  1. Towards Fast Computation of Certified Robustness for ReLU Networks

Analysis

  1. Adversarial Regression with Multiple Learners
  2. Learning Adversarially Fair and Transferable Representations
  3. Analyzing the Robustness of Nearest Neighbors to Adversarial Examples

ICLR 2018

Attacks

  1. Decision-Based Adversarial Attacks: Reliable Attacks Against Black-Box Machine Learning Models
  2. Generating Natural Adversarial Examples
  3. Spatially Transformed Adversarial Examples

Defences

  1. Towards Deep Learning Models Resistant to Adversarial Attacks
  2. Countering Adversarial Images using Input Transformations
  3. PixelDefend: Leveraging Generative Models to Understand and Defend against Adversarial Examples
  4. Stochastic Activation Pruning for Robust Adversarial Defense
  5. Thermometer Encoding: One Hot Way To Resist Adversarial Examples
  6. Certified Defenses against Adversarial Examples
  7. Defense-GAN: Protecting Classifiers Against Adversarial Attacks Using Generative Models
  8. Ensemble Adversarial Training: Attacks and Defenses
  9. Mitigating Adversarial Effects Through Randomization
  10. Certifying Some Distributional Robustness with Principled Adversarial Training
  11. Cascade Adversarial Machine Learning Regularized with a Unified Embedding

Analysis

  1. Decision Boundary Analysis of Adversarial Examples
  2. Characterizing Adversarial Subspaces Using Local Intrinsic Dimensionality

NIPS 2017

  1. Houdini: Fooling Deep Structured Visual and Speech Recognition Models with Adversarial Examples
  2. Formal Guarantees on the Robustness of a Classifier against Adversarial Manipulation
  3. Lower bounds on the robustness to adversarial perturbations

ICML 2017

  1. Parseval Networks: Improving Robustness to Adversarial Examples

ICLR 2017

Attacks

  1. Tactics of Adversarial Attack on Deep Reinforcement Learning Agents

Defences

  1. Adversarial Machine Learning at Scale
  2. DeepCloak: Masking Deep Neural Network Models for Robustness Against Adversarial Samples
  3. Adversarial Training Methods for Semi-Supervised Text Classification
  4. Early Methods for Detecting Adversarial Images
  5. Robustness to Adversarial Examples through an Ensemble of Specialists

Analysis

  1. Delving into adversarial attacks on deep policies

NIPS 2016

  1. Robustness of classifiers: from adversarial to random noise
  2. Measuring Neural Net Robustness with Constraints

ICLR 2016

  1. Distributional Smoothing with Virtual Adversarial Training
  2. Adversarial Manipulation of Deep Representations

ICLR 2015

  1. Explaining and Harnessing Adversarial Examples
  2. Towards Deep Neural Network Architectures Robust to Adversarial Examples

NIPS 2014

  1. Feature Cross-Substitution in Adversarial Classification

ICLR 2014

  1. Intriguing properties of neural networks
