NeurIPS 2019

Timezone: »

Poster

Learning to Confuse: Generating Training Time Adversarial Data with Auto-Encoder

Ji Feng · Qi-Zhi Cai · Zhi-Hua Zhou

Thu Dec 12 10:45 AM -- 12:45 PM (PST) @ East Exhibition Hall B + C #18

in Algorithms -- Adversarial Learning »

In this work, we consider one challenging training time attack by modifying training data with bounded perturbation, hoping to manipulate the behavior (both targeted or non-targeted) of any corresponding trained classifier during test time when facing clean samples. To achieve this, we proposed to use an auto-encoder-like network to generate such adversarial perturbations on the training data together with one imaginary victim differentiable classifier. The perturbation generator will learn to update its weights so as to produce the most harmful noise, aiming to cause the lowest performance for the victim classifier during test time. This can be formulated into a non-linear equality constrained optimization problem. Unlike GANs, solving such problem is computationally challenging, we then proposed a simple yet effective procedure to decouple the alternating updates for the two networks for stability. By teaching the perturbation generator to hijacking the training trajectory of the victim classifier, the generator can thus learn to move against the victim classifier step by step. The method proposed in this paper can be easily extended to the label specific setting where the attacker can manipulate the predictions of the victim classifier according to some predefined rules rather than only making wrong predictions. Experiments on various datasets including CIFAR-10 and a reduced version of ImageNet confirmed the effectiveness of the proposed method and empirical results showed that, such bounded perturbations have good transferability across different types of victim classifiers.

Keywords: Privacy, Anonymity, and Security · Applications · Algorithms · Adversarial Learning

[ Paper] [ Poster]

Author Information

Ji Feng (Sinovation Ventures)

Qi-Zhi Cai (Sinovation Ventures)

Zhi-Hua Zhou (Nanjing University)

More from the Same Authors

2023 Poster: Complex-valued Neurons Can Learn More but Slower than Real-valued Neurons via Gradient Descent »
Jin-Hui Wu · Shao-Qun Zhang · Yuan Jiang · Zhi-Hua Zhou
2023 Poster: On the Gini-impurity Preservation For Privacy Random Forests »
XinRan Xie · Man-Jie Yuan · Xuetong Bai · Wei Gao · Zhi-Hua Zhou
2023 Poster: Rehearsal Learning for Avoiding Undesired Future »
Tian Qin · Tian-Zuo Wang · Zhi-Hua Zhou
2023 Poster: Stochastic Approximation Approaches to Group Distributionally Robust Optimization »
Lijun Zhang · Peng Zhao · Tianbao Yang · Zhi-Hua Zhou
2023 Poster: Universal Online Learning with Gradual Variations: A Multi-layer Online Ensemble Approach »
Yuhu Yan · Peng Zhao · Zhi-Hua Zhou
2023 Poster: Dynamic Regret of Adversarial Linear Mixture MDPs »
Long-Fei Li · Peng Zhao · Zhi-Hua Zhou
2022 Spotlight: Real-Valued Backpropagation is Unsuitable for Complex-Valued Neural Networks »
Zhi-Hao Tan · Yi Xie · Yuan Jiang · Zhi-Hua Zhou
2022 Spotlight: Lightning Talks 3A-2 »
shuwen yang · Xu Zhang · Delvin Ce Zhang · Lan-Zhe Guo · Renzhe Xu · Zhuoer Xu · Yao-Xiang Ding · Weihan Li · Xingxuan Zhang · Xi-Zhu Wu · Zhenyuan Yuan · Hady Lauw · Yu Qi · Yi-Ge Zhang · Zhihao Yang · Guanghui Zhu · Dong Li · Changhua Meng · Kun Zhou · Gang Pan · Zhi-Fan Wu · Bo Li · Minghui Zhu · Zhi-Hua Zhou · Yafeng Zhang · Yingxueff Zhang · shiwen cui · Jie-Jing Shao · Zhanguang Zhang · Zhenzhe Ying · Xiaolong Chen · Yu-Feng Li · Guojie Song · Peng Cui · Weiqiang Wang · Ming GU · Jianye Hao · Yihua Huang
2022 Spotlight: Pre-Trained Model Reusability Evaluation for Small-Data Transfer Learning »
Yao-Xiang Ding · Xi-Zhu Wu · Kun Zhou · Zhi-Hua Zhou
2022 Poster: Adapting to Online Label Shift with Provable Guarantees »
Yong Bai · Yu-Jie Zhang · Peng Zhao · Masashi Sugiyama · Zhi-Hua Zhou
2022 Poster: Theoretically Provable Spiking Neural Networks »
Shao-Qun Zhang · Zhi-Hua Zhou
2022 Poster: Pre-Trained Model Reusability Evaluation for Small-Data Transfer Learning »
Yao-Xiang Ding · Xi-Zhu Wu · Kun Zhou · Zhi-Hua Zhou
2022 Poster: Sound and Complete Causal Identification with Latent Variables Given Local Background Knowledge »
Tian-Zuo Wang · Tian Qin · Zhi-Hua Zhou
2022 Poster: Efficient Methods for Non-stationary Online Learning »
Peng Zhao · Yan-Feng Xie · Lijun Zhang · Zhi-Hua Zhou
2022 Poster: Real-Valued Backpropagation is Unsuitable for Complex-Valued Neural Networks »
Zhi-Hao Tan · Yi Xie · Yuan Jiang · Zhi-Hua Zhou
2022 Poster: Depth is More Powerful than Width with Prediction Concatenation in Deep Forest »
Shen-Huan Lyu · Yi-Xiao He · Zhi-Hua Zhou
2021 Poster: Actively Identifying Causal Effects with Latent Variables Given Only Response Variable Observable »
Tian-Zuo Wang · Zhi-Hua Zhou
2021 Poster: Dual Adaptivity: A Universal Algorithm for Minimizing the Adaptive Regret of Convex Functions »
Lijun Zhang · Guanghui Wang · Wei-Wei Tu · Wei Jiang · Zhi-Hua Zhou
2020 Poster: Dynamic Regret of Convex and Smooth Functions »
Peng Zhao · Yu-Jie Zhang · Lijun Zhang · Zhi-Hua Zhou
2020 Poster: An Unbiased Risk Estimator for Learning with Augmented Classes »
Yu-Jie Zhang · Peng Zhao · Lanjihong Ma · Zhi-Hua Zhou
2020 Poster: Towards Convergence Rate Analysis of Random Forests for Classification »
Wei Gao · Zhi-Hua Zhou
2019 Poster: Bridging Machine Learning and Logical Reasoning by Abductive Learning »
Wang-Zhou Dai · Qiuling Xu · Yang Yu · Zhi-Hua Zhou
2019 Poster: A Refined Margin Distribution Analysis for Forest Representation Learning »
Shen-Huan Lyu · Liang Yang · Zhi-Hua Zhou
2018 Poster: Adaptive Online Learning in Dynamic Environments »
Lijun Zhang · Shiyin Lu · Zhi-Hua Zhou
2018 Poster: Multi-Layered Gradient Boosting Decision Trees »
Ji Feng · Yang Yu · Zhi-Hua Zhou
2018 Poster: Preference Based Adaptation for Learning Objectives »
Yao-Xiang Ding · Zhi-Hua Zhou
2018 Poster: $\ell_1$-regression with Heavy-tailed Distributions »
Lijun Zhang · Zhi-Hua Zhou
2018 Poster: Unorganized Malicious Attacks Detection »
Ming Pang · Wei Gao · Min Tao · Zhi-Hua Zhou
2017 Poster: Improved Dynamic Regret for Non-degenerate Functions »
Lijun Zhang · Tianbao Yang · Jinfeng Yi · Rong Jin · Zhi-Hua Zhou
2017 Poster: Learning with Feature Evolvable Streams »
Bojian Hou · Lijun Zhang · Zhi-Hua Zhou
2017 Poster: Subset Selection under Noise »
Chao Qian · Jing-Cheng Shi · Yang Yu · Ke Tang · Zhi-Hua Zhou
2016 Poster: What Makes Objects Similar: A Unified Multi-Metric Learning Approach »
Han-Jia Ye · De-Chuan Zhan · Xue-Min Si · Yuan Jiang · Zhi-Hua Zhou
2015 Poster: Subset Selection by Pareto Optimization »
Chao Qian · Yang Yu · Zhi-Hua Zhou
2014 Poster: Top Rank Optimization in Linear Time »
Nan Li · Rong Jin · Zhi-Hua Zhou
2013 Poster: Speedup Matrix Completion with Side Information: Application to Multi-Label Learning »
Miao Xu · Rong Jin · Zhi-Hua Zhou
2012 Poster: Nystr{ö}m Method vs Random Fourier Features: A Theoretical and Empirical Comparison »
Tianbao Yang · Yu-Feng Li · Mehrdad Mahdavi · Rong Jin · Zhi-Hua Zhou
2010 Poster: Active Learning by Querying Informative and Representative Examples »
Sheng-Jun Huang · Rong Jin · Zhi-Hua Zhou
2010 Poster: Multi-View Active Learning in the Non-Realizable Case »
Wei Wang · Zhi-Hua Zhou
2006 Poster: Multi-Instance Multi-Label Learning with Application to Scene Classification »
Zhi-Hua Zhou · Min-Ling Zhang
2006 Spotlight: Multi-Instance Multi-Label Learning with Application to Scene Classification »
Zhi-Hua Zhou · Min-Ling Zhang