Adversarial Examples for Visual Decompilers

James Wei

EECS Department
University of California, Berkeley
Technical Report No. UCB/EECS-2017-81
May 12, 2017

http://www2.eecs.berkeley.edu/Pubs/TechRpts/2017/EECS-2017-81.pdf

Deep learning models are vulnerable to adversarial examples: maliciously perturbed inputs that compel models to make incorrect predictions with high confidence. We present an analysis of adversarial examples in the context of visual decompilers. Using the image-to-LaTeX task as a baseline for structured prediction problems, we show that targeted and non-targeted adversarial examples can fool the model using a minimal amount of perturbation. Additionally, we apply and discuss the limitations of two detection schemes. Finally, we propose—and subsequently break—two prevention strategies, one of which involves a novel attack for quantized adversarial examples.

Advisor: Dawn Song


BibTeX citation:

@mastersthesis{Wei:EECS-2017-81,
    Author = {Wei, James},
    Title = {Adversarial Examples for Visual Decompilers},
    School = {EECS Department, University of California, Berkeley},
    Year = {2017},
    Month = {May},
    URL = {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2017/EECS-2017-81.html},
    Number = {UCB/EECS-2017-81},
    Abstract = {Deep learning models are vulnerable to adversarial examples: maliciously perturbed inputs that compel models to make incorrect predictions with high confidence. We present an analysis of adversarial examples in the context of visual decompilers. Using the image-to-LaTeX task as a baseline for structured prediction problems, we show that targeted and non-targeted adversarial examples can fool the model using a minimal amount of perturbations. Additionally, we apply and discuss the limitations of two detection schemes. Finally, we propose—and subsequently break—two prevention strategies, one of which involves a novel attack for quantized adversarial examples.}
}

EndNote citation:

%0 Thesis
%A Wei, James
%T Adversarial Examples for Visual Decompilers
%I EECS Department, University of California, Berkeley
%D 2017
%8 May 12
%@ UCB/EECS-2017-81
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2017/EECS-2017-81.html
%F Wei:EECS-2017-81