AI Training: Adversarial Reprogramming of Neural Networks

yyshrrrr posted on 2018-7-2 09:47:41
Deep neural networks are susceptible to adversarial attacks. In computer vision, well-crafted perturbations to images can cause neural networks to make mistakes such as identifying a panda as a gibbon or confusing a cat with a computer. Previous adversarial examples have been designed to degrade performance of models or cause machine learning models to produce specific outputs chosen ahead of time by the attacker. We introduce adversarial attacks that instead reprogram the target model to perform a task chosen by the attacker---without the attacker needing to specify or compute the desired output for each test-time input. This attack is accomplished by optimizing for a single adversarial perturbation, of unrestricted magnitude, that can be added to all test-time inputs to a machine learning model in order to cause the model to perform a task chosen by the adversary when processing these inputs---even if the model was not trained to do this task. These perturbations can be thus considered a program for the new task. We demonstrate adversarial reprogramming on six ImageNet classification models, repurposing these models to perform a counting task, as well as two classification tasks: classification of MNIST and CIFAR-10 examples presented within the input to the ImageNet model.
URL: https://arxiv.org/abs/1806.11146

PDF download: https://arxiv.org/pdf/1806.11146