Title details
Richter, Rónán R.C. ; Rambau, Jörg:
Using MILPs for generating robust adversarial examples.
2022
Event: International Conference on Operations Research - OR 2022, 06.-09.09.2022, Karlsruhe, Germany.
(Event contribution: Congress/Conference/Symposium/Meeting, Talk)
Abstract
The widespread use of Deep Neural Networks (DNNs) in various fields, including applications with increasingly high security requirements, has made strategies to attack DNNs a relevant field of interest. One way to lead a DNN into wrong classifications is through adversarial examples, i.e., small perturbations of inputs that result in false outputs. Different approaches for generating adversarial examples have been described in the literature. However, adversarial examples may be heavily dependent on the given DNN, such that minor modifications of the DNN may rule out some of them.
In the presented work, our goal is to find more robust adversarial examples for DNNs consisting of multiple layers of rectified linear units by building upon a MILP model proposed by Fischetti and Jo (2018). By incorporating perturbations of the weights and the biases of the rectified linear units, the resulting adversarial examples are more resistant to changes of the attacked DNN, e.g., by further training. We present examples for DNNs that are trained for MNIST data and compare our method with other approaches for generating robust adversarial examples that are described in the literature.
