The intrinsic susceptibility of deep learning to adversarial examples has led to a plethora of attack techniques that share the broad objective of fooling deep models. However, the algorithms achieving this objective differ subtly in their composition. These differences leave traces that provide important clues for attacker profiling in real-life scenarios. Motivated by this, we introduce the novel problem of 'Reverse Engineering of aDversarial attacks' (RED): given an adversarial example, the objective of RED is to identify the attack used to generate it. Under this perspective, existing attacks can be systematically grouped into families, leading to the sub-problem of attack family identification. To enable RED analysis, we introduce a large 'Adversarial Identification Dataset' (AID), comprising over 180k adversarial samples generated with 13 popular attacks under image-specific/agnostic and white-/black-box setups. Using AID, we devise a novel framework for the RED objective. The proposed framework is built around a novel Transformer-based Global-LOcal Feature (GLoF) module, which helps approximate the adversarial perturbation and identify the attack. Using AID and our framework, we provide multiple interesting benchmark results for the RED problem.
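The core intuition of RED — that different attack families leave statistically distinct traces in the perturbation — can be illustrated with a toy sketch. This is not the thesis's method (which recovers the perturbation with a learned GLoF module); it is a hypothetical numpy example assuming the perturbation is known, contrasting an L-inf (FGSM-style) sign perturbation with an L2-style Gaussian one and classifying the family from a simple statistic:

```python
import numpy as np

# Toy illustration (not the thesis's framework): attack families
# leave different traces. FGSM-style L-inf perturbations sit at
# +/- eps everywhere; L2-style perturbations are smoothly spread.

def fgsm_style_perturbation(shape, eps, rng):
    """Sign perturbation of uniform magnitude eps (L-inf family)."""
    return eps * np.sign(rng.standard_normal(shape))

def l2_style_perturbation(shape, eps, rng):
    """Gaussian perturbation rescaled to L2 norm eps (L2 family)."""
    delta = rng.standard_normal(shape)
    return eps * delta / np.linalg.norm(delta)

def identify_family(delta, eps, atol=1e-6):
    """Classify the family from the perturbation: if nearly all
    entries lie at +/- eps, call it 'linf'; otherwise 'l2'."""
    at_bound = np.mean(np.isclose(np.abs(delta), eps, atol=atol))
    return "linf" if at_bound > 0.9 else "l2"

rng = np.random.default_rng(0)
shape, eps = (32, 32), 8 / 255
d_linf = fgsm_style_perturbation(shape, eps, rng)
d_l2 = l2_style_perturbation(shape, eps, rng)
print(identify_family(d_linf, eps))  # linf
print(identify_family(d_l2, eps))    # l2
```

In practice the perturbation is unknown and the real attacks overlap far more than this caricature, which is why the thesis first approximates the perturbation and then identifies the attack with a learned model rather than a hand-crafted statistic.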
Rawat, Yogesh Singh
Master of Science (M.S.)
College of Engineering and Computer Science
Masters Thesis (Open Access)
Ambati, Rahul, "Reverse Engineering of Adversarial Samples by Leveraging Patterns left by the Attacker" (2022). Electronic Theses and Dissertations, 2020-. 1503.