We identify obfuscated gradients, a kind of gradient masking, as a phenomenon that leads to a false sense of security in defenses against adversarial examples. While defenses that cause obfuscated gradients appear to defeat iterative optimization-based attacks, we find defenses relying on this effect can be circumvented. We describe characteristic behaviors of defenses exhibiting the effect, and for each of the three types of obfuscated gradients we discover, we develop attack techniques to overcome it. In a case study, examining non-certified white-box-secure defenses at ICLR 2018, we find obfuscated gradients are a common occurrence, with 7 of 9 defenses relying on obfuscated gradients. Our new attacks successfully circumvent 6 completely, and 1 partially, in the original threat model each paper considers.
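The abstract above describes attacks that circumvent defenses whose gradients are obfuscated; one of the techniques the authors develop for this is Backward Pass Differentiable Approximation (BPDA), which replaces a non-differentiable defense layer with a differentiable approximation on the backward pass. The following is a minimal illustrative sketch of that idea, not the authors' released code: the stand-in transform (a bit-depth reduction), the PGD loop, and all parameter values are assumptions chosen for illustration.

```python
import torch

class BPDAIdentity(torch.autograd.Function):
    """Apply a non-differentiable transform in the forward pass, but
    treat it as the identity on the backward pass (the BPDA idea)."""

    @staticmethod
    def forward(ctx, x):
        # Stand-in for a non-differentiable defense, e.g. bit-depth reduction.
        return torch.round(x * 15.0) / 15.0

    @staticmethod
    def backward(ctx, grad_output):
        # Identity approximation: pass gradients straight through.
        return grad_output


def pgd_with_bpda(model, x, y, eps=8 / 255, alpha=2 / 255, steps=40):
    """Hypothetical PGD loop that attacks through the defended pipeline."""
    x_adv = x.clone().detach()
    for _ in range(steps):
        x_adv.requires_grad_(True)
        logits = model(BPDAIdentity.apply(x_adv))
        loss = torch.nn.functional.cross_entropy(logits, y)
        grad = torch.autograd.grad(loss, x_adv)[0]
        with torch.no_grad():
            x_adv = x_adv + alpha * grad.sign()
            x_adv = x + torch.clamp(x_adv - x, -eps, eps)  # project to eps-ball
            x_adv = torch.clamp(x_adv, 0.0, 1.0)           # stay in valid image range
    return x_adv.detach()
```

With an approximation like this in place, an iterative optimization-based attack that would otherwise receive useless gradients from the defense layer can again follow the loss surface of the underlying classifier.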
Author Information
Anish Athalye (MIT CSAIL)
Nicholas Carlini (University of California, Berkeley)
David Wagner (UC Berkeley)
Related Events (a corresponding poster, oral, or spotlight)
- 2018 Oral: Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples
  Thu. Jul 12th 12:50 -- 01:10 PM, Room A7
More from the Same Authors
- 2022 Poster: Demystifying the Adversarial Robustness of Random Transformation Defenses
  Chawin Sitawarin · Zachary Golan-Strieb · David Wagner
- 2022 Spotlight: Demystifying the Adversarial Robustness of Random Transformation Defenses
  Chawin Sitawarin · Zachary Golan-Strieb · David Wagner
- 2018 Poster: Black-box Adversarial Attacks with Limited Queries and Information
  Andrew Ilyas · Logan Engstrom · Anish Athalye · Jessy Lin
- 2018 Oral: Black-box Adversarial Attacks with Limited Queries and Information
  Andrew Ilyas · Logan Engstrom · Anish Athalye · Jessy Lin
- 2018 Poster: Synthesizing Robust Adversarial Examples
  Anish Athalye · Logan Engstrom · Andrew Ilyas · Kevin Kwok
- 2018 Oral: Synthesizing Robust Adversarial Examples
  Anish Athalye · Logan Engstrom · Andrew Ilyas · Kevin Kwok