dc.contributor.author: Popovic, Nikola
dc.contributor.author: Paudel, Danda Pani
dc.contributor.author: Probst, Thomas
dc.contributor.author: Van Gool, Luc
dc.date.accessioned: 2023-09-18T15:16:06Z
dc.date.available: 2022-12-22T14:41:20Z
dc.date.available: 2023-01-03T09:07:47Z
dc.date.available: 2023-01-03T09:10:24Z
dc.date.available: 2023-09-18T12:08:18Z
dc.date.available: 2023-09-18T15:16:06Z
dc.date.issued: 2022
dc.identifier.uri: http://hdl.handle.net/20.500.11850/588935
dc.identifier.doi: 10.3929/ethz-b-000588935
dc.description.abstract: One popular group of defense techniques against adversarial attacks is based on injecting stochastic noise into the network. The main source of robustness of such stochastic defenses, however, is often the obfuscation of the gradients, which offers a false sense of security. Since most popular adversarial attacks are optimization-based, obfuscated gradients reduce their attacking ability, while the model remains susceptible to stronger or specifically tailored adversarial attacks. Recently, five characteristics have been identified which are commonly observed when the improvement in robustness is mainly caused by gradient obfuscation. It has since become a trend to use these five characteristics as a sufficient test to determine whether or not gradient obfuscation is the main source of robustness. However, these characteristics do not perfectly characterize all existing cases of gradient obfuscation, and therefore cannot serve as a basis for a conclusive test. In this work, we present a counterexample showing that this test is not sufficient for concluding that gradient obfuscation is not the main cause of improvements in robustness. [en_US]
dc.format: application/pdf [en_US]
dc.language.iso: en [en_US]
dc.publisher: ETH Zurich [en_US]
dc.rights.uri: http://rightsstatements.org/page/InC-NC/1.0/
dc.title: Gradient Obfuscation Checklist Test Gives a False Sense of Security [en_US]
dc.type: Conference Paper
dc.rights.license: In Copyright - Non-Commercial Use Permitted
dc.date.published: 2023-01-03
ethz.size: 4 p. [en_US]
ethz.version.deposit: acceptedVersion [en_US]
ethz.event: IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops (CVPRW 2022) [en_US]
ethz.event.location: New Orleans, LA, USA [en_US]
ethz.event.date: June 19-22, 2022 [en_US]
ethz.notes: Oral presentation at "The Art of Robustness: Devil and Angel in Adversarial Machine Learning, Workshop" at IEEE Conference on Computer Vision and Pattern Recognition 2022. [en_US]
ethz.publication.place: Zurich [en_US]
ethz.publication.status: published [en_US]
ethz.leitzahl: ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02140 - Dep. Inf.technologie und Elektrotechnik / Dep. of Inform.Technol. Electrical Eng.::02652 - Institut für Bildverarbeitung / Computer Vision Laboratory::03514 - Van Gool, Luc / Van Gool, Luc [en_US]
ethz.leitzahl.certified: ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02140 - Dep. Inf.technologie und Elektrotechnik / Dep. of Inform.Technol. Electrical Eng.::02652 - Institut für Bildverarbeitung / Computer Vision Laboratory::03514 - Van Gool, Luc / Van Gool, Luc [en_US]
ethz.date.deposited: 2022-12-22T14:41:20Z
ethz.source: FORM
ethz.eth: yes [en_US]
ethz.availability: Open access [en_US]
ethz.rosetta.installDate: 2023-09-18T15:16:07Z
ethz.rosetta.lastUpdated: 2023-09-18T15:16:07Z
ethz.rosetta.versionExported: true
ethz.COinS: ctx_ver=Z39.88-2004&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.atitle=Gradient%20Obfuscation%20Checklist%20Test%20Gives%20a%20False%20Sense%20of%20Security&rft.date=2022&rft.au=Popovic,%20Nikola&Paudel,%20Danda%20Pani&Probst,%20Thomas&Van%20Gool,%20Luc&rft.genre=proceeding&rft.btitle=Gradient%20Obfuscation%20Checklist%20Test%20Gives%20a%20False%20Sense%20of%20Security