Trust Region Based Adversarial Attack on Neural Networks

Explore a comprehensive lecture on trust region-based adversarial attacks on neural networks, presented by the University of Central Florida. Delve into various aspects of adversarial attacks, including 3D objects, physical attacks on traffic signs, and adversarial patches for person detection. Learn about semantic segmentation, object detection, and LIDAR attacks. Understand key concepts such as Fast Gradient Sign Method, Basic Iterative Method, and Carlini-Wagner Attack. Discover the challenges in the field and the proposed solutions using trust region optimization. Examine the metrics, types of attacks, and experimental setup used in the study. Analyze time performance on ImageNet, qualitative results, and second-order attack outcomes. Gain valuable insights into this critical area of machine learning security in this 32-minute presentation.

Introduction
3D adversarial objects
Physical attacks on traffic signs
Adversarial Patches to Attack Person Detection
Semantic Segmentation and Object Detection
LIDAR attack
Definitions
Problem Formulation
Fast Gradient Sign Method • Goodfellow et al. proposed the Fast Gradient Sign Method FGSM
Basic Iterative Method
Carlini-Wagner Attack
Problems and Challenges
Other Problems
Contributions
Trust Region Optimization
Updating the Trust Region
Trust region example - Initial Start
Iteration 1
Final Trajectory after 20 iterations
Proposed Method
Metrics
Types of attacks used
Summary of setup
Time Performance on ImageNet
Qualitative Results
ImageNet Results
Second order attack results
Conclusion