[Remote] DeepRover: A Query-efficient Blackbox Attack for Deep Neural Networks
Deep neural networks (DNNs) have achieved a significant performance leap over the past decade and have been widely adopted in various industrial domains. However, a fundamental problem regarding DNN robustness is still not adequately addressed, which can potentially lead to many quality issues after deployment, e.g., safety, security, and reliability. An adversarial attack is one of the most commonly investigated techniques to penetrate a DNN: it misleads the DNN’s decision by generating minor perturbations on original inputs. More importantly, the adversarial attack is a crucial way to assess, estimate, and understand the robustness boundary of a DNN. Intuitively, a stronger adversarial attack can help obtain a tighter robustness boundary to understand the potentially worst case when a DNN is deployed. To push this further, in this paper, we propose DeepRover, a fuzzing-based blackbox attack for deep neural networks used for image classification. We show that DeepRover is more effective and query-efficient in generating adversarial examples than state-of-the-art blackbox attacks. Moreover, DeepRover can find adversarial examples at a finer-grained level than other approaches.
Thu 7 Dec (displayed time zone: Pacific Time (US & Canada))
11:00 - 12:30 | Machine Learning IV | Research Papers / Ideas, Visions and Reflections / Industry Papers | at Golden Gate C2 | Chair(s): Diptikalyan Saha, IBM Research India
11:00 | 15m | Talk | Dynamic Data Fault Localization for Deep Neural Networks | Research Papers | Yining Yin (Nanjing University, China), Yang Feng (Nanjing University), Shihao Weng (Nanjing University), Zixi Liu (Nanjing University), Yuan Yao (Nanjing University), Yichi Zhang (Nanjing University), Zhihong Zhao, Zhenyu Chen (Nanjing University)
11:15 | 15m | Talk | Assisting Static Analysis with Large Language Models: A ChatGPT Experiment | Ideas, Visions and Reflections | Haonan Li (University of California at Riverside, USA), Yu Hao (University of California at Riverside, USA), Yizhuo Zhai (University of California at Riverside, USA), Zhiyun Qian (University of California at Riverside, USA)
11:30 | 15m | Talk | Understanding the Bug Characteristics and Fix Strategies of Federated Learning Systems | Research Papers | Xiaohu Du (Huazhong University of Science and Technology), Xiao CHEN (Department of Computer Science and Engineering, The Hong Kong University of Science and Technology), Jialun Cao (Hong Kong University of Science and Technology), Ming Wen (Huazhong University of Science and Technology), Shing-Chi Cheung (Department of Computer Science and Engineering, The Hong Kong University of Science and Technology), Hai Jin (Huazhong University of Science and Technology)
11:45 | 15m | Talk | EvoCLINICAL: Evolving Cyber-Cyber Digital Twin with Active Transfer Learning for Automated Cancer Registry System | Industry Papers | Chengjie Lu (Simula Research Laboratory; University of Oslo), Xu Qinghua (Simula Research Laboratory; University of Oslo), Tao Yue (Beihang University), Shaukat Ali (Simula Research Laboratory and Oslo Metropolitan University), Thomas Schwitalla (Cancer Registry of Norway), Jan F. Nygård (Cancer Registry of Norway)
12:00 | 15m | Talk | Learning Program Semantics for Vulnerability Detection via Vulnerability-specific Inter-procedural Slicing | Research Papers | bozhi wu (Singapore Management University), Shangqing Liu (Nanyang Technological University), Yang Xiao (Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences), Zhiming Li (Nanyang Technological University, Singapore), Jun Sun (Singapore Management University), Shang-Wei Lin (Nanyang Technological University)
12:15 | 15m | Talk | [Remote] DeepRover: A Query-efficient Blackbox Attack for Deep Neural Networks | Research Papers | Fuyuan Zhang (Kyushu University), Xinwen Hu (Hunan Normal University), Lei Ma (The University of Tokyo / University of Alberta), Jianjun Zhao (Kyushu University)