AdvKnn: Adversarial Attacks On K-Nearest Neighbor Classifiers With Approximate Gradients

November 15, 2019 · Entered Twilight · 🏛 arXiv.org

"Last commit was 6.0 years ago (≥5 year threshold)"

Evidence collected by the PWNC Scanner

Repo contents: LICENSE, README.md, attack.py, imgs, knn_attacks.py, net.py, train_mnist.py

Authors Xiaodan Li, Yuefeng Chen, Yuan He, Hui Xue arXiv ID 1911.06591 Category cs.CV: Computer Vision Cross-listed cs.LG Citations 10 Venue arXiv.org Repository https://github.com/fiona-lxd/AdvKnn ⭐ 14 Last Checked 1 month ago

Abstract

Deep neural networks have been shown to be vulnerable to adversarial examples---maliciously crafted examples that can trigger the target model to misbehave by adding imperceptible perturbations. Existing attack methods for k-nearest neighbor~(kNN) based algorithms either require large perturbations or are not applicable for large k. To handle this problem, this paper proposes a new method called AdvKNN for evaluating the adversarial robustness of kNN-based models. Firstly, we propose a deep kNN block to approximate the output of kNN methods, which is differentiable thus can provide gradients for attacks to cross the decision boundary with small distortions. Second, a new consistency learning for distribution instead of classification is proposed for the effectiveness in distribution based methods. Extensive experimental results indicate that the proposed method significantly outperforms state of the art in terms of attack success rate and the added perturbations.