James Wei
EECS Department
University of California, Berkeley
Technical Report No. UCB/EECS-2017-81
May 12, 2017
http://www2.eecs.berkeley.edu/Pubs/TechRpts/2017/EECS-2017-81.pdf
Deep learning models are vulnerable to adversarial examples: maliciously perturbed inputs that compel models to make incorrect predictions with high confidence. We present an analysis of adversarial examples in the context of visual decompilers. Using the image-to-LaTeX task as a baseline for structured prediction problems, we show that targeted and non-targeted adversarial examples can fool the model using a minimal amount of perturbations. Additionally, we apply and discuss the limitations of two detection schemes. Finally, we propose—and subsequently break—two prevention strategies, one of which involves a novel attack for quantized adversarial examples.
Advisor: Dawn Song
BibTeX citation:
@mastersthesis{Wei:EECS-2017-81, Author = {Wei, James}, Title = {Adversarial Examples for Visual Decompilers}, School = {EECS Department, University of California, Berkeley}, Year = {2017}, Month = {May}, URL = {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2017/EECS-2017-81.html}, Number = {UCB/EECS-2017-81}, Abstract = {Deep learning models are vulnerable to adversarial examples: maliciously perturbed inputs that compel models to make incorrect predictions with high confidence. We present an analysis of adversarial examples in the context of visual decompilers. Using the image-to-LaTeX task as a baseline for structured prediction problems, we show that targeted and non-targeted adversarial examples can fool the model using a minimal amount of perturbations. Additionally, we apply and discuss the limitations of two detection schemes. Finally, we propose—and subsequently break—two prevention strategies, one of which involves a novel attack for quantized adversarial examples.} }
EndNote citation:
%0 Thesis %A Wei, James %T Adversarial Examples for Visual Decompilers %I EECS Department, University of California, Berkeley %D 2017 %8 May 12 %@ UCB/EECS-2017-81 %U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2017/EECS-2017-81.html %F Wei:EECS-2017-81