Adversarial Attacks on Hidden Tasks in Multi-Task Learning (2405.15244v2)

Published 24 May 2024 in cs.LG

Abstract: Deep learning models are susceptible to adversarial attacks, where slight perturbations to input data lead to misclassification. Adversarial attacks become increasingly effective as the attacker gains information about the targeted classifier. In the context of multi-task learning, where a single model learns multiple tasks simultaneously, attackers may aim to exploit vulnerabilities in specific tasks with limited information. This paper investigates the feasibility of attacking hidden tasks within multi-task classifiers, a setting in which the attacker has neither model access nor labeled data for the hidden target task, but does have model access for the non-target tasks. We propose a novel adversarial attack method that leverages knowledge from the non-target tasks and the shared backbone network of the multi-task model to force the model to forget knowledge related to the target task. Experimental results on the CelebA and DeepFashion datasets demonstrate the effectiveness of our method in degrading the accuracy of hidden tasks while preserving the performance of visible tasks, contributing to the understanding of adversarial vulnerabilities in multi-task classifiers.

