Files in this item



ECE499-Sp2018-xiong.pdf (application/pdf, 675kB). Restricted to U of Illinois.


Title: Using Wasserstein GAN to generate high quality adversarial examples
Author(s): Xiong, Zhihan
Contributor(s): Moulin, Pierre
Subject(s): adversarial machine learning; white-box targeted attack; Wasserstein GAN; neural networks
Abstract: Although Deep Neural Networks (DNNs) have state-of-the-art performance in various machine learning tasks, in recent years, they are found to be vulnerable to so-called adversarial examples. Specifically, take x ∈ D on which a neural network has very high classification accuracy. It is possible to find some small perturbation Δx so that even though the difference between x and x + Δx = x′ is almost imperceptible to humans, the given neural network is very likely to incorrectly classify x + Δx. Several gradient and optimization based methods have been proposed to create such adversarial examples x′, but many of them cannot achieve high speed and high quality x′ simultaneously. In this thesis, we propose a new algorithm to generate adversarial examples based on Generative Adversarial Networks (GANs), specifically, a modification to the training algorithm of the Improved Wasserstein GAN. The trained generator is able to create x′ very similar to the original x while keeping the classification accuracy of the target model as low as the state-of-the-art attack. Furthermore, although training a GAN might be slow, after it is trained, it can generate adversarial examples much faster than previous optimization-based methods. Our goal is for this work to be used for further research on robust neural networks.
Issue Date: 2018-05
Date Available in IDEALS: 2018-05-25
