Adversarial Examples for Visual Decompilers
James Wei
EECS Department, University of California, Berkeley
Technical Report No. UCB/EECS-2017-81
May 12, 2017
http://www2.eecs.berkeley.edu/Pubs/TechRpts/2017/EECS-2017-81.pdf
Deep learning models are vulnerable to adversarial examples: maliciously perturbed inputs that compel models to make incorrect predictions with high confidence. We present an analysis of adversarial examples in the context of visual decompilers. Using the image-to-LaTeX task as a baseline for structured prediction problems, we show that targeted and non-targeted adversarial examples can fool the model using a minimal amount of perturbations. Additionally, we apply and discuss the limitations of two detection schemes. Finally, we propose—and subsequently break—two prevention strategies, one of which involves a novel attack for quantized adversarial examples.
Advisors: Dawn Song
BibTeX citation:
@mastersthesis{Wei:EECS-2017-81,
    Author = {Wei, James},
    Title = {Adversarial Examples for Visual Decompilers},
    School = {EECS Department, University of California, Berkeley},
    Year = {2017},
    Month = {May},
    Url = {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2017/EECS-2017-81.html},
    Number = {UCB/EECS-2017-81},
    Abstract = {Deep learning models are vulnerable to adversarial examples: maliciously perturbed inputs that compel models to make incorrect predictions with high confidence. We present an analysis of adversarial examples in the context of visual decompilers. Using the image-to-LaTeX task as a baseline for structured prediction problems, we show that targeted and non-targeted adversarial examples can fool the model using a minimal amount of perturbations. Additionally, we apply and discuss the limitations of two detection schemes. Finally, we propose—and subsequently break—two prevention strategies, one of which involves a novel attack for quantized adversarial examples.},
}
EndNote citation:
%0 Thesis
%A Wei, James
%T Adversarial Examples for Visual Decompilers
%I EECS Department, University of California, Berkeley
%D 2017
%8 May 12
%@ UCB/EECS-2017-81
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2017/EECS-2017-81.html
%F Wei:EECS-2017-81