Workshop

A Blessing in Disguise: The Prospects and Perils of Adversarial Machine Learning

Hang Su · Yinpeng Dong · Tianyu Pang · Eric Wong · Zico Kolter · Shuo Feng · Bo Li · Henry Liu · Dan Hendrycks · Francesco Croce · Leslie Rice · Tian Tian

Project Page

Abstract

Adversarial machine learning is a new gamut of technologies that aim to study the vulnerabilities of ML approaches and detect malicious behaviors in adversarial settings. The adversarial agents can deceive an ML classifier by significantly altering its response with imperceptible perturbations to the inputs. Although it is not to be alarmist, researchers in machine learning are responsible for preempting attacks and building safeguards, especially when the task is critical for information security and human lives. We need to deepen our understanding of machine learning in adversarial environments.

While the negative implications of this nascent technology have been widely discussed, researchers in machine learning are yet to explore their positive opportunities in numerous aspects. The positive impacts of adversarial machine learning are not limited to boost the robustness of ML models but cut across several other domains.

Since there are both positive and negative applications of adversarial machine learning, tackling adversarial learning to its use in the right direction requires a framework to embrace the positives. This workshop aims to bring together researchers and practitioners from various communities (e.g., machine learning, computer security, data privacy, and ethics) to synthesize promising ideas and research directions and foster and strengthen cross-community collaborations on both theoretical studies and practical applications. Different from the previous workshops on adversarial machine learning, our proposed workshop seeks to explore the prospects besides reducing the unintended risks for sophisticated ML models.

This is a one-day workshop, planned with a 10-minute opening, 11 invited keynotes, about 9 contributed talks, 2 poster sessions, and 2 special sessions for panel discussion about the prospects and perils of adversarial machine learning.

The workshop is kindly sponsored by RealAI Inc. and Bosch.

Video

Chat is not available.

Schedule

Timezone: America/Los_Angeles

4:45 AM

Opening Remarks Demonstration

Hang Su

Video

5:00 AM

Invited Talk #1 Demonstration

Liwei Wang

Video

5:30 AM

Invited Talk #2 Demonstration

Sven Gowal

Video

6:00 AM

Contributed Talk #1 Demonstration

Yiming Li

Video

6:05 AM

Contributed Talk #2 Demonstration

Evani Radiya-Dixit

Video

6:10 AM

Invited Talk #3 Demonstration

Matthias Hein

Video

6:40 AM

Invited Talk #4 Demonstration

Aleksander Madry

Video

7:10 AM

Contributed Talk #3 Demonstration

Maura Pintor

Video

7:15 AM

Contributed Talk #4 Demonstration

Florian Tramer

Video

7:20 AM

Invited Talk #5 Demonstration

Jan Hendrik Metzen

Video

7:50 AM

Discussion Panel #1 Discussion Panel

Hang Su · Matthias Hein · Liwei Wang · Sven Gowal · Jan Hendrik Metzen · Henry Liu · Yisen Wang

Video

8:30 AM

Poster Session #1 Poster

9:30 AM

Invited Talk #6 Demonstration

Henry Liu

Video

10:00 AM

Invited Talk #7 Demonstration

Nicholas Carlini

Video

10:30 AM

Contributed Talk #5 Demonstration

Wan-Yi Lin

Video

10:35 AM

Contributed Talk #6 Demonstration

Jihoon Tack

Video

10:40 AM

Invited Talk #8 Demonstration

Andrzej Banburski

Video

11:10 AM

Invited Talk #9 Demonstration

Kamalika Chaudhuri

Video

11:40 AM

Contributed Talk #7 Demonstration

Rahul Rade

Video

11:45 AM

Contributed Talk #8 Demonstration

Sandeep Silwal

Video

11:50 AM

Invited Talk #10 Demonstration

Cihang Xie

Video

12:20 PM

Invited Talk #11 Demonstration

Will Xiao

Video

12:50 PM

Discussion Panel #2 Discussion Panel

Bo Li · Nicholas Carlini · Andrzej Banburski · Kamalika Chaudhuri · Will Xiao · Cihang Xie

Video

1:30 PM

Contributed Talk #9 Demonstration

Keji Han

Video

1:35 PM

Poster Session #2 Poster

Adversarial Interaction Attacks: Fooling AI to Misinterpret Human Intentions Poster

Nodens Koren · Xingjun Ma · Qiuhong Ke · Yisen Wang · James Bailey

Towards Achieving Adversarial Robustness Beyond Perceptual Limits Poster

Sravanti Addepalli · Samyak Jain · Gaurang Sriramanan · Shivangi Khare · Venkatesh Babu Radhakrishnan

Video

Using Anomaly Feature Vectors for Detecting, Classifying and Warning of Outlier Adversarial Examples Poster

Nelson Manohar-Alers · Ryan Feng · Sahib Singh · Jiguo Song · Atul Prakash

Maximizing the robust margin provably overfits on noiseless data Poster

Fanny Yang · Reinhard Heckel · Michael Aerni · Alexandru Tifrea · Konstantin Donhauser

Video

Adversarially Trained Neural Policies in the Fourier Domain Poster

Ezgi Korkmaz

Non-Robust Feature Mapping in Deep Reinforcement Learning Poster

Ezgi Korkmaz

Adversarial for Good? How the Adversarial ML Community's Values Impede Socially Beneficial Uses of Attacks Poster

Kendra Albert · Maggie Delano · Bogdan Kulynych · Ram Shankar Siva Kumar

Video

Attacking Few-Shot Classifiers with Adversarial Support Poisoning Poster

Elre Oldewage · John Bronskill · Richard E Turner

Video

Attention-Guided Black-box Adversarial Attacks with Large-Scale Multiobjective Evolutionary Optimization Poster

Jie Wang · Zhaoxia Yin · Jing Jiang · Yang Du

Long-term Cross Adversarial Training: A Robust Meta-learning Method for Few-shot Classification Tasks Poster

FAN LIU · Shuyu Zhao · Xuelong Dai · Bin Xiao

Data Poisoning Won’t Save You From Facial Recognition Poster

Evani Radiya-Dixit · Florian Tramer

Detecting Adversarial Examples Is (Nearly) As Hard As Classifying Them Poster

Florian Tramer

Demystifying Adversarial Training via A Unified Probabilistic Framework Poster

Zhouchen Lin · Yisen Wang · Jiansheng Yang · Yifei Wang

Red Alarm for Pre-trained Models: Universal Vulnerability to Neuron-Level Backdoor Attacks Poster

Zhengyan Zhang · Guangxuan Xiao · Yongwei Li · Tian Lv · Fanchao Qi · Zhiyuan Liu · Yasheng Wang · Xin Jiang · Maosong Sun

Self-Supervised Iterative Contextual Smoothing for Efficient Adversarial Defense against Gray- and Black-Box Attack Poster

Sungmin Cha · Naeun Ko · YoungJoon Yoo · Taesup Moon

Video

Towards Safe Reinforcement Learning via Constraining Conditional Value at Risk Poster

Chengyang Ying · Xinning Zhou · Dong Yan · Jun Zhu

Universal Adversarial Head: Practical Protection against Video Data Leakage Poster

Jiawang Bai · Bin Chen · Dongxian Wu · Chaoning Zhang · Shutao Xia

Video

Membership Inference Attacks on Lottery Ticket Networks Poster

Aadesh Bagmar · Shishira Maiya · Shruti Bidwalkar · Amol Deshpande

The Interplay between Distribution Parameters and the Accuracy-Robustness Tradeoff in Classification Poster

Seyed Alireza Mousavi Hosseini · Amir Mohammad Abouei · Mohammad H Rohban

Video

Limited Budget Adversarial Attack Against Online Image Stream Poster

Hossein Mohasel Arjomandi · Mohammad Khalooei · Maryam Amirmazlaghani

Video

Disrupting Model Training with Adversarial Shortcuts Poster

Aditya Kusupati · Tadayoshi Kohno · Ivan Evtimov · Ian Covert

Empirical robustification of pre-trained classifiers Poster

Mohammad Sadegh Norouzzadeh · Wan-Yi Lin · Leonid Boytsov · Leslie Rice · Huan Zhang · Filipe Condessa · Zico Kolter

Less is More: Feature Selection for Adversarial Robustness with Compressive Counter-Adversarial Attacks Poster

Emre Ozfatura · Muhammad Zaid Hameed · Kerem Ozfatura · Deniz Gunduz

Helper-based Adversarial Training: Reducing Excessive Margin to Achieve a Better Accuracy vs. Robustness Trade-off Poster

Rahul Rade · Seyed Moosavi

AID-Purifier: A Light Auxiliary Network for Boosting Adversarial Defense Poster

Duhun Hwang · Eunjung Lee · Wonjong Rhee

Video

Is It Time to Redefine the Classification Task for Deep Learning Systems? Poster

Keji Han · Yun Li · Songcan Chen

Video

Boosting Transferability of Targeted Adversarial Examples via Hierarchical Generative Networks Poster

Xiao Yang · Yinpeng Dong · Tianyu Pang

Strategically-timed State-Observation Attacks on Deep Reinforcement Learning Agents Poster

You Qiaoben · Xinning Zhou · Chengyang Ying · Jun Zhu

Whispering to DNN: A Speech Steganographic Scheme Based on Hidden Adversarial Examples for Speech Recognition Models Poster

Haozhe Chen · Weiming Zhang · Kejiang Chen · Nenghai Yu

Improving Visual Quality of Unrestricted Adversarial Examples with Wavelet-VAE Poster

Wenzhao Xiang · Chang Liu · Shibao Zheng

Video

Generate More Imperceptible Adversarial Examples for Object Detection Poster

Siyuan Liang · Xingxing Wei · Xiaochun Cao

Video

Out of Distribution Detection and Adversarial Attacks on Deep Neural Networks for Robust Medical Image Analysis Poster

Anisie Uwimana · Ransalu Senanayake

Indicators of Attack Failure: Debugging and Improving Optimization of Adversarial Examples Poster

Maura Pintor · Luca Demetrio · Angelo Sotgiu · Giovanni Manca · Ambra Demontis · Nicholas Carlini · Battista Biggio · Fabio Roli

Video

Certified robustness against adversarial patch attacks via randomized cropping Poster

Wan-Yi Lin · Fatemeh Sheikholeslami · jinghao shi · Leslie Rice · Zico Kolter

Generalizing Adversarial Training to Composite Semantic Perturbations Poster

Yun-Yun Tsai · Lei Hsiung · Pin-Yu Chen · Tsung-Yi Ho

Video

Adversarial Robustness of Streaming Algorithms through Importance Sampling Poster

Vladimir Braverman · Avinatan Hasidim · Yossi Matias · Mariano Schain · Sandeep Silwal · Samson Zhou

Enhancing Certified Robustness via Smoothed Weighted Ensembling Poster

Chizhou Liu · Yunzhen Feng · Ranran Wang · Bin Dong

Attacking Graph Classification via Bayesian Optimisation Poster

Xingchen Wan · Henry Kenlay · Binxin Ru · Arno Blaas · Michael A Osborne · Xiaowen Dong

Fast Minimum-norm Adversarial Attacks through Adaptive Norm Constraints Poster

Maura Pintor · Fabio Roli · Wieland Brendel · Battista Biggio

Adversarial EXEmples: Functionality-preserving Optimization of Adversarial Windows Malware Poster

Luca Demetrio · Battista Biggio · Giovanni Lagorio · Alessandro Armando · Fabio Roli · Luca Demetrio

Video

On Frank-Wolfe Adversarial Training Poster

Theodoros Tsiligkaridis · Jay Roberts

Video

ROPUST: Improving Robustness through Fine-tuning with Photonic Processors and Synthetic Gradients Poster

Alessandro Cappelli · Ruben Ohana · Julien Launay · Laurent Meunier · Iacopo Poli

SmoothMix: Training Confidence-calibrated Smoothed Classifiers for Certified Adversarial Robustness Poster

Jongheon Jeong · Sejun Park · Minkyu Kim · Heung-Chang Lee · Doguk Kim · Jinwoo Shin

Combating Adversaries with Anti-Adversaries Poster

Motasem Alfarra · Juan C Perez · Ali Thabet · Adel Bibi · Phil Torr · Bernard Ghanem

Adversarial Semantic Contour for Object Detection Poster

Yichi Zhang · Zijian Zhu · Xiao Yang · Jun Zhu

Video

Hidden Patch Attacks for Optical Flow Poster

Benjamin Wortman

Poisoning the Search Space in Neural Architecture Search Poster

Robert Wu · Nayan Saxena · Rohan Jain

Adversarially Robust Learning via Entropic Regularization Poster

Gauri Jagatap · Ameya Joshi · Animesh Chowdhury · Siddharth Garg · Chinmay Hegde

Fast Certified Robust Training with Short Warmup Poster

Zhouxing Shi · Yihan Wang · Huan Zhang · Jinfeng Yi · Cho-Jui Hsieh

Video

Entropy Weighted Adversarial Training Poster

Minseon Kim · Jihoon Tack · Jinwoo Shin · Sung Ju Hwang

Consistency Regularization for Adversarial Robustness Poster

Jihoon Tack · Sihyun Yu · Jongheon Jeong · Minseon Kim · Sung Ju Hwang · Jinwoo Shin

Examining the Human Perceptibility of Black-Box Adversarial Attacks on Face Recognition Poster

Benjamin Spetter-Goldstein · Nataniel Ruiz · Sarah Bargal

Video

On Success and Simplicity: A Second Look at Transferable Targeted Attacks Poster

Zhengyu Zhao · Zhuoran Liu · Martha Larson

Video

On the Effectiveness of Poisoning against Unsupervised Domain Adaptation Poster

Akshay Mehra · Bhavya Kailkhura · Pin-Yu Chen · Jihun Hamm

Video

Detecting AutoAttack Perturbations in the Frequency Domain Poster

Peter Lorenz · Paula Harder · Dominik Straßel · Margret Keuper · Janis Keuper

Video

Defending Adversaries Using Unsupervised Feature Clustering VAE Poster

Cheng Zhang · Pan Gao

Audio Injection Adversarial Example Attack Poster

Xiaolei Liu · Xingshu Chen · Mingyong Yin · Yulong Wang · Teng Hu · Kangyi Ding

A Closer Look at the Adversarial Robustness of Information Bottleneck Models Poster

Iryna Korshunova · David Stutz · Alexander Alemi · Olivia Wiles · Sven Gowal

Defending against Model Stealing via Verifying Embedded External Features Poster

Linghui Zhu · Yiming Li · Xiaojun Jia · Yong Jiang · Shutao Xia · Xiaochun Cao

Improve Generalization and Robustness of Neural Networks via Weight Scale Shifting Invariant Regularizations Poster

Ziquan Liu · Yufei Cui · Antoni Chan

Towards Transferable Adversarial Perturbations with Minimum Norm Poster

Fangcheng Liu · Chao Zhang · Hongyang Zhang

Video

Uncovering Universal Features: How Adversarial Training Improves Adversarial Transferability Poster

Jacob M Springer · Melanie Mitchell · Garrett T Kenyon

Video

Adversarial Sample Detection via Channel Pruning Poster

Zuohui Chen · RenXuan Wang · Yao Lu · jingyang Xiang · Qi Xuan

Meta Adversarial Training against Universal Patches Poster

Jan Hendrik Metzen · Nicole Finnie · Robin Hutmacher

Video

A Primer on Multi-Neuron Relaxation-based Adversarial Robustness Certification Poster

Kevin Roth

Beta-CROWN: Efficient Bound Propagation with Per-neuron Split Constraints for Neural Network Robustness Verification Poster

Shiqi Wang · Huan Zhang · Kaidi Xu · Xue Lin · Suman Jana · Cho-Jui Hsieh · Zico Kolter

Video

Robust Recovery of Adversarial Samples Poster

Tejas Bana · Siddhant Kulkarni · Jatan Loya

Query-based Adversarial Attacks on Graph with Fake Nodes Poster

Zhengyi Wang · Zhongkai Hao · Jun Zhu

BadNL: Backdoor Attacks Against NLP Models Poster

Xiaoyi Chen · Ahmed Salem · Michael Backes · Shiqing Ma · Yang Zhang