Abstract

The intrinsic susceptibility of deep learning to adversarial examples has led to a plethora of attack techniques that share the broad objective of fooling deep models. However, we find slight compositional differences between the algorithms achieving this objective. These differences leave traces that provide important clues for attacker profiling in real-life scenarios. Inspired by this, we introduce a novel problem of 'Reverse Engineering of aDversarial attacks' (RED). Given an adversarial example, the objective of RED is to identify the attack used to generate it. Under this perspective, we can systematically group existing attacks into different families, leading to the sub-problem of attack family identification. To enable RED analysis, we introduce a large 'Adversarial Identification Dataset' (AID), comprising over 180k adversarial samples generated with 13 popular attacks under image-specific/agnostic and white-/black-box setups. We use AID to devise a novel framework for the RED objective. The proposed framework is built around a novel Transformer-based Global-LOcal Feature (GLoF) module, which helps approximate the adversarial perturbation and identify the attack. Using AID and our framework, we provide multiple interesting benchmark results for the RED problem.
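
At a high level, RED can be framed as supervised attack identification: a model receives an adversarial image, approximates the perturbation it carries, and predicts which attack produced it. The sketch below illustrates only this framing; the layer choices, branch names, and training setup are generic assumptions for illustration and are not the thesis's actual GLoF architecture or AID training pipeline.

```python
# Illustrative sketch of the RED framing (not the thesis's GLoF module).
# Assumptions: a small CNN perturbation estimator, a CNN attack-label head,
# and 13 attack classes (matching the 13 attacks used to build AID).
import torch
import torch.nn as nn

NUM_ATTACKS = 13  # assumed to match the 13 attacks in AID

class REDSketch(nn.Module):
    def __init__(self, num_attacks: int = NUM_ATTACKS):
        super().__init__()
        # Branch 1: approximate the adversarial perturbation from the input.
        self.perturb_estimator = nn.Sequential(
            nn.Conv2d(3, 32, 3, padding=1), nn.ReLU(),
            nn.Conv2d(32, 3, 3, padding=1),
        )
        # Branch 2: identify the attack from the estimated perturbation.
        self.attack_head = nn.Sequential(
            nn.Conv2d(3, 32, 3, stride=2, padding=1), nn.ReLU(),
            nn.AdaptiveAvgPool2d(1), nn.Flatten(),
            nn.Linear(32, num_attacks),
        )

    def forward(self, x_adv: torch.Tensor):
        delta_hat = self.perturb_estimator(x_adv)  # approximate perturbation
        logits = self.attack_head(delta_hat)       # predict attack label
        return delta_hat, logits

# Toy usage: a batch of adversarial images with known attack labels.
model = REDSketch()
x_adv = torch.randn(4, 3, 224, 224)
attack_labels = torch.randint(0, NUM_ATTACKS, (4,))
delta_hat, logits = model(x_adv)
loss = nn.functional.cross_entropy(logits, attack_labels)
```

In this framing, attack family identification is simply the same classification problem with coarser labels (one class per family of attacks rather than per individual attack).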

Notes

If this is your thesis or dissertation and you want to learn how to access it, or for more information about readership statistics, contact us at STARS@ucf.edu.

Graduation Date

2022

Semester

Summer

Advisor

Rawat, Yogesh Singh

Degree

Master of Science (M.S.)

College

College of Engineering and Computer Science

Department

Computer Science

Degree Program

Computer Science

Identifier

CFE0009642; DP0027469

URL

https://purls.library.ucf.edu/go/DP0027469

Language

English

Release Date

February 2023

Length of Campus-only Access

None

Access Status

Masters Thesis (Open Access)