In this work, we consider a challenging training-time attack: modifying the training data with bounded perturbations in order to manipulate the behavior (either targeted or non-targeted) of any classifier trained on that data when it faces clean samples at test time. To achieve this, we propose to use an auto-encoder-like network to generate such adversarial perturbations on the training data, together with an imaginary differentiable victim classifier. The perturbation generator learns to update its weights so as to produce the most harmful noise, aiming to cause the lowest test-time performance for the victim classifier. This can be formulated as a non-linear equality-constrained optimization problem. Unlike GANs, solving such a problem is computationally challenging, so we propose a simple yet effective procedure that decouples the alternating updates of the two networks for stability. By teaching the perturbation generator to hijack the training trajectory of the victim classifier, the generator learns to move against the victim classifier step by step. The proposed method can be easily extended to the label-specific setting, where the attacker manipulates the predictions of the victim classifier according to some predefined rules rather than only causing wrong predictions. Experiments on various datasets, including CIFAR-10 and a reduced version of ImageNet, confirmed the effectiveness of the proposed method, and empirical results showed that such bounded perturbations have good transferability across different types of victim classifiers.
Author Information
Ji Feng (Sinovation Ventures)
Qi-Zhi Cai (Sinovation Ventures)
Zhi-Hua Zhou (Nanjing University)
More from the Same Authors
-
2023 Poster: Complex-valued Neurons Can Learn More but Slower than Real-valued Neurons via Gradient Descent »
Jin-Hui Wu · Shao-Qun Zhang · Yuan Jiang · Zhi-Hua Zhou -
2023 Poster: On the Gini-impurity Preservation For Privacy Random Forests »
XinRan Xie · Man-Jie Yuan · Xuetong Bai · Wei Gao · Zhi-Hua Zhou -
2023 Poster: Rehearsal Learning for Avoiding Undesired Future »
Tian Qin · Tian-Zuo Wang · Zhi-Hua Zhou -
2023 Poster: Stochastic Approximation Approaches to Group Distributionally Robust Optimization »
Lijun Zhang · Peng Zhao · Tianbao Yang · Zhi-Hua Zhou -
2023 Poster: Universal Online Learning with Gradual Variations: A Multi-layer Online Ensemble Approach »
Yuhu Yan · Peng Zhao · Zhi-Hua Zhou -
2023 Poster: Dynamic Regret of Adversarial Linear Mixture MDPs »
Long-Fei Li · Peng Zhao · Zhi-Hua Zhou -
2022 Spotlight: Real-Valued Backpropagation is Unsuitable for Complex-Valued Neural Networks »
Zhi-Hao Tan · Yi Xie · Yuan Jiang · Zhi-Hua Zhou -
2022 Spotlight: Lightning Talks 3A-2 »
shuwen yang · Xu Zhang · Delvin Ce Zhang · Lan-Zhe Guo · Renzhe Xu · Zhuoer Xu · Yao-Xiang Ding · Weihan Li · Xingxuan Zhang · Xi-Zhu Wu · Zhenyuan Yuan · Hady Lauw · Yu Qi · Yi-Ge Zhang · Zhihao Yang · Guanghui Zhu · Dong Li · Changhua Meng · Kun Zhou · Gang Pan · Zhi-Fan Wu · Bo Li · Minghui Zhu · Zhi-Hua Zhou · Yafeng Zhang · Yingxueff Zhang · shiwen cui · Jie-Jing Shao · Zhanguang Zhang · Zhenzhe Ying · Xiaolong Chen · Yu-Feng Li · Guojie Song · Peng Cui · Weiqiang Wang · Ming GU · Jianye Hao · Yihua Huang -
2022 Spotlight: Pre-Trained Model Reusability Evaluation for Small-Data Transfer Learning »
Yao-Xiang Ding · Xi-Zhu Wu · Kun Zhou · Zhi-Hua Zhou -
2022 Poster: Adapting to Online Label Shift with Provable Guarantees »
Yong Bai · Yu-Jie Zhang · Peng Zhao · Masashi Sugiyama · Zhi-Hua Zhou -
2022 Poster: Theoretically Provable Spiking Neural Networks »
Shao-Qun Zhang · Zhi-Hua Zhou -
2022 Poster: Pre-Trained Model Reusability Evaluation for Small-Data Transfer Learning »
Yao-Xiang Ding · Xi-Zhu Wu · Kun Zhou · Zhi-Hua Zhou -
2022 Poster: Sound and Complete Causal Identification with Latent Variables Given Local Background Knowledge »
Tian-Zuo Wang · Tian Qin · Zhi-Hua Zhou -
2022 Poster: Efficient Methods for Non-stationary Online Learning »
Peng Zhao · Yan-Feng Xie · Lijun Zhang · Zhi-Hua Zhou -
2022 Poster: Real-Valued Backpropagation is Unsuitable for Complex-Valued Neural Networks »
Zhi-Hao Tan · Yi Xie · Yuan Jiang · Zhi-Hua Zhou -
2022 Poster: Depth is More Powerful than Width with Prediction Concatenation in Deep Forest »
Shen-Huan Lyu · Yi-Xiao He · Zhi-Hua Zhou -
2021 Poster: Actively Identifying Causal Effects with Latent Variables Given Only Response Variable Observable »
Tian-Zuo Wang · Zhi-Hua Zhou -
2021 Poster: Dual Adaptivity: A Universal Algorithm for Minimizing the Adaptive Regret of Convex Functions »
Lijun Zhang · Guanghui Wang · Wei-Wei Tu · Wei Jiang · Zhi-Hua Zhou -
2020 Poster: Dynamic Regret of Convex and Smooth Functions »
Peng Zhao · Yu-Jie Zhang · Lijun Zhang · Zhi-Hua Zhou -
2020 Poster: An Unbiased Risk Estimator for Learning with Augmented Classes »
Yu-Jie Zhang · Peng Zhao · Lanjihong Ma · Zhi-Hua Zhou -
2020 Poster: Towards Convergence Rate Analysis of Random Forests for Classification »
Wei Gao · Zhi-Hua Zhou -
2019 Poster: Bridging Machine Learning and Logical Reasoning by Abductive Learning »
Wang-Zhou Dai · Qiuling Xu · Yang Yu · Zhi-Hua Zhou -
2019 Poster: A Refined Margin Distribution Analysis for Forest Representation Learning »
Shen-Huan Lyu · Liang Yang · Zhi-Hua Zhou -
2018 Poster: Adaptive Online Learning in Dynamic Environments »
Lijun Zhang · Shiyin Lu · Zhi-Hua Zhou -
2018 Poster: Multi-Layered Gradient Boosting Decision Trees »
Ji Feng · Yang Yu · Zhi-Hua Zhou -
2018 Poster: Preference Based Adaptation for Learning Objectives »
Yao-Xiang Ding · Zhi-Hua Zhou -
2018 Poster: $\ell_1$-regression with Heavy-tailed Distributions »
Lijun Zhang · Zhi-Hua Zhou -
2018 Poster: Unorganized Malicious Attacks Detection »
Ming Pang · Wei Gao · Min Tao · Zhi-Hua Zhou -
2017 Poster: Improved Dynamic Regret for Non-degenerate Functions »
Lijun Zhang · Tianbao Yang · Jinfeng Yi · Rong Jin · Zhi-Hua Zhou -
2017 Poster: Learning with Feature Evolvable Streams »
Bojian Hou · Lijun Zhang · Zhi-Hua Zhou -
2017 Poster: Subset Selection under Noise »
Chao Qian · Jing-Cheng Shi · Yang Yu · Ke Tang · Zhi-Hua Zhou -
2016 Poster: What Makes Objects Similar: A Unified Multi-Metric Learning Approach »
Han-Jia Ye · De-Chuan Zhan · Xue-Min Si · Yuan Jiang · Zhi-Hua Zhou -
2015 Poster: Subset Selection by Pareto Optimization »
Chao Qian · Yang Yu · Zhi-Hua Zhou -
2014 Poster: Top Rank Optimization in Linear Time »
Nan Li · Rong Jin · Zhi-Hua Zhou -
2013 Poster: Speedup Matrix Completion with Side Information: Application to Multi-Label Learning »
Miao Xu · Rong Jin · Zhi-Hua Zhou -
2012 Poster: Nyström Method vs Random Fourier Features: A Theoretical and Empirical Comparison »
Tianbao Yang · Yu-Feng Li · Mehrdad Mahdavi · Rong Jin · Zhi-Hua Zhou -
2010 Poster: Active Learning by Querying Informative and Representative Examples »
Sheng-Jun Huang · Rong Jin · Zhi-Hua Zhou -
2010 Poster: Multi-View Active Learning in the Non-Realizable Case »
Wei Wang · Zhi-Hua Zhou -
2006 Poster: Multi-Instance Multi-Label Learning with Application to Scene Classification »
Zhi-Hua Zhou · Min-Ling Zhang -
2006 Spotlight: Multi-Instance Multi-Label Learning with Application to Scene Classification »
Zhi-Hua Zhou · Min-Ling Zhang