Breaking Certified Defenses: Semantic Adversarial Examples with Spoofed Robustness Certificates
Abstract
Defenses against adversarial attacks can be classified into certified and non-certified. Certifiable defenses make networks robust within a certain $\ell_p$-bounded radius, so that it is impossible for the adversary to make adversarial examples in the certificate bound. We present an attack that maintains the imperceptibility property of adversarial examples while being outside of the certified radius. Furthermore, the proposed "Shadow Attack" can fool certifiably robust networks by producing an imperceptible adversarial example that gets misclassified and produces a strong "spoofed" certificate.
Cite
Text
Ghiasi et al. "Breaking Certified Defenses: Semantic Adversarial Examples with Spoofed Robustness Certificates." International Conference on Learning Representations, 2020.
Markdown
[Ghiasi et al. "Breaking Certified Defenses: Semantic Adversarial Examples with Spoofed Robustness Certificates." International Conference on Learning Representations, 2020.](https://mlanthology.org/iclr/2020/ghiasi2020iclr-breaking/)
BibTeX
@inproceedings{ghiasi2020iclr-breaking,
title = {{Breaking Certified Defenses: Semantic Adversarial Examples with Spoofed Robustness Certificates}},
author = {Ghiasi, Amin and Shafahi, Ali and Goldstein, Tom},
booktitle = {International Conference on Learning Representations},
year = {2020},
url = {https://mlanthology.org/iclr/2020/ghiasi2020iclr-breaking/}
}