ICML 2018

Timezone: »

Oral

Adversarial Risk and the Dangers of Evaluating Against Weak Attacks

Jonathan Uesato · Brendan O'Donoghue · Pushmeet Kohli · Aäron van den Oord

Wed Jul 11 08:50 AM -- 09:00 AM (PDT) @ A7

in Deep Learning (Adversarial) 1 »

This paper investigates recently proposed approaches for defending against adversarial examples and evaluating adversarial robustness. We motivate \emph{adversarial risk} as an objective for achieving models robust to worst-case inputs. We then frame commonly used attacks and evaluation metrics as defining a tractable surrogate objective to the true adversarial risk. This suggests that models may optimize this surrogate rather than the true adversarial risk. We formalize this notion as \textit{obscurity to an adversary}, and develop tools and heuristics for identifying obscured models and designing transparent models. We demonstrate that this is a significant problem in practice by repurposing gradient-free optimization techniques into adversarial attacks, which we use to decrease the accuracy of several recently proposed defenses to near zero. Our hope is that our formulations and results will help researchers to develop more powerful defenses.

[ PDF]

Author Information

Jonathan Uesato (DeepMind)

Brendan O'Donoghue (DeepMind)

Pushmeet Kohli (DeepMind)

Aäron van den Oord (Google Deepmind)

Related Events (a corresponding poster, oral, or spotlight)

2018 Poster: Adversarial Risk and the Dangers of Evaluating Against Weak Attacks »
Wed. Jul 11th 04:15 -- 07:00 PM Room Hall B #132

More from the Same Authors

2021 : An Empirical Investigation of Learning from Biased Toxicity Labels »
Neel Nanda · Jonathan Uesato · Sven Gowal
2021 Poster: Vector Quantized Models for Planning »
Sherjil Ozair · Yazhe Li · Ali Razavi · Ioannis Antonoglou · Aäron van den Oord · Oriol Vinyals
2021 Spotlight: Vector Quantized Models for Planning »
Sherjil Ozair · Yazhe Li · Ali Razavi · Ioannis Antonoglou · Aäron van den Oord · Oriol Vinyals
2020 : Invited Talk: Contrastive Predictive Coding for audio representation learning »
Aäron van den Oord
2019 Poster: On Variational Bounds of Mutual Information »
Ben Poole · Sherjil Ozair · Aäron van den Oord · Alexander Alemi · George Tucker
2019 Oral: On Variational Bounds of Mutual Information »
Ben Poole · Sherjil Ozair · Aäron van den Oord · Alexander Alemi · George Tucker
2019 Poster: CompILE: Compositional Imitation Learning and Execution »
Thomas Kipf · Yujia Li · Hanjun Dai · Vinicius Zambaldi · Alvaro Sanchez-Gonzalez · Edward Grefenstette · Pushmeet Kohli · Peter Battaglia
2019 Poster: Structured agents for physical construction »
Victor Bapst · Alvaro Sanchez-Gonzalez · Carl Doersch · Kimberly Stachenfeld · Pushmeet Kohli · Peter Battaglia · Jessica Hamrick
2019 Oral: CompILE: Compositional Imitation Learning and Execution »
Thomas Kipf · Yujia Li · Hanjun Dai · Vinicius Zambaldi · Alvaro Sanchez-Gonzalez · Edward Grefenstette · Pushmeet Kohli · Peter Battaglia
2019 Oral: Structured agents for physical construction »
Victor Bapst · Alvaro Sanchez-Gonzalez · Carl Doersch · Kimberly Stachenfeld · Pushmeet Kohli · Peter Battaglia · Jessica Hamrick
2019 Poster: Graph Matching Networks for Learning the Similarity of Graph Structured Objects »
Yujia Li · Chenjie Gu · Thomas Dullien · Oriol Vinyals · Pushmeet Kohli
2019 Oral: Graph Matching Networks for Learning the Similarity of Graph Structured Objects »
Yujia Li · Chenjie Gu · Thomas Dullien · Oriol Vinyals · Pushmeet Kohli
2018 Poster: The Uncertainty Bellman Equation and Exploration »
Brendan O'Donoghue · Ian Osband · Remi Munos · Vlad Mnih
2018 Poster: Parallel WaveNet: Fast High-Fidelity Speech Synthesis »
Aäron van den Oord · Yazhe Li · Igor Babuschkin · Karen Simonyan · Oriol Vinyals · Koray Kavukcuoglu · George van den Driessche · Edward Lockhart · Luis C Cobo · Florian Stimberg · Norman Casagrande · Dominik Grewe · Seb Noury · Sander Dieleman · Erich Elsen · Nal Kalchbrenner · Heiga Zen · Alex Graves · Helen King · Tom Walters · Dan Belov · Demis Hassabis
2018 Poster: Efficient Neural Audio Synthesis »
Nal Kalchbrenner · Erich Elsen · Karen Simonyan · Seb Noury · Norman Casagrande · Edward Lockhart · Florian Stimberg · Aäron van den Oord · Sander Dieleman · Koray Kavukcuoglu
2018 Oral: The Uncertainty Bellman Equation and Exploration »
Brendan O'Donoghue · Ian Osband · Remi Munos · Vlad Mnih
2018 Oral: Parallel WaveNet: Fast High-Fidelity Speech Synthesis »
Aäron van den Oord · Yazhe Li · Igor Babuschkin · Karen Simonyan · Oriol Vinyals · Koray Kavukcuoglu · George van den Driessche · Edward Lockhart · Luis C Cobo · Florian Stimberg · Norman Casagrande · Dominik Grewe · Seb Noury · Sander Dieleman · Erich Elsen · Nal Kalchbrenner · Heiga Zen · Alex Graves · Helen King · Tom Walters · Dan Belov · Demis Hassabis
2018 Oral: Efficient Neural Audio Synthesis »
Nal Kalchbrenner · Erich Elsen · Karen Simonyan · Seb Noury · Norman Casagrande · Edward Lockhart · Florian Stimberg · Aäron van den Oord · Sander Dieleman · Koray Kavukcuoglu
2018 Poster: Programmatically Interpretable Reinforcement Learning »
Abhinav Verma · Vijayaraghavan Murali · Rishabh Singh · Pushmeet Kohli · Swarat Chaudhuri
2018 Oral: Programmatically Interpretable Reinforcement Learning »
Abhinav Verma · Vijayaraghavan Murali · Rishabh Singh · Pushmeet Kohli · Swarat Chaudhuri
2017 Poster: Count-Based Exploration with Neural Density Models »
Georg Ostrovski · Marc Bellemare · Aäron van den Oord · Remi Munos
2017 Talk: Count-Based Exploration with Neural Density Models »
Georg Ostrovski · Marc Bellemare · Aäron van den Oord · Remi Munos
2017 Poster: Parallel Multiscale Autoregressive Density Estimation »
Scott Reed · Aäron van den Oord · Nal Kalchbrenner · Sergio Gómez Colmenarejo · Ziyu Wang · Yutian Chen · Dan Belov · Nando de Freitas
2017 Poster: Video Pixel Networks »
Nal Kalchbrenner · Karen Simonyan · Aäron van den Oord · Ivo Danihelka · Oriol Vinyals · Alex Graves · Koray Kavukcuoglu
2017 Talk: Video Pixel Networks »
Nal Kalchbrenner · Karen Simonyan · Aäron van den Oord · Ivo Danihelka · Oriol Vinyals · Alex Graves · Koray Kavukcuoglu
2017 Talk: Parallel Multiscale Autoregressive Density Estimation »
Scott Reed · Aäron van den Oord · Nal Kalchbrenner · Sergio Gómez Colmenarejo · Ziyu Wang · Yutian Chen · Dan Belov · Nando de Freitas