arxiv: 2003.08937 · v1 · pith:KLO3EPYWnew · submitted 2020-03-19 · 💻 cs.LG · stat.ML

Breaking certified defenses: Semantic adversarial examples with spoofed robustness certificates

classification: cs.LG, stat.ML
keywords: adversarial, certificate, certified, image, proposed, attack, classifiers, examples

To deflect adversarial attacks, a range of "certified" classifiers have been proposed. In addition to labeling an image, certified classifiers produce (when possible) a certificate guaranteeing that the input image is not an $\ell_p$-bounded adversarial example. We present a new attack that exploits not only the labelling function of a classifier, but also the certificate generator. The proposed method applies large perturbations that place images far from a class boundary while maintaining the imperceptibility property of adversarial examples. The proposed "Shadow Attack" causes certifiably robust networks to mislabel an image and simultaneously produce a "spoofed" certificate of robustness.
