AST 2024
Mon 15 - Tue 16 April 2024 Lisbon, Portugal
co-located with ICSE 2024

Deep Neural Networks (DNNs) are known to be vulnerable to adversarial examples. Further, these adversarial examples are found to be transferable from the source network in which they are crafted to a black-box target network. As the trend of using deep learning on embedded devices grows, it becomes relevant to study the transferability properties of adversarial examples among compressed networks. In this paper, we consider quantization as a network compression technique and evaluate the performance of transfer-based attacks when the source and target networks are quantized at different bitwidths. We explore how algorithm-specific properties affect transferability by considering various adversarial example generation algorithms. Furthermore, we examine transferability in a more realistic scenario where the source and target networks may differ in bitwidth and other model-related properties like capacity and architecture. We find that although quantization reduces transferability, certain attack types demonstrate an ability to enhance it. Additionally, the average transferability of adversarial examples among quantized versions of a network can be used to estimate the transferability to quantized target networks with varying capacity and architecture.

Mon 15 Apr

Displayed time zone: Lisbon

16:00 - 17:30
Session 3: Privacy, Security and Robustness (AST 2024) at Amália Rodrigues
Chair(s): Dr. AMANI AYAD, Kean University, USA
16:00
20m
Full-paper
Sugar-coated poison defense on deepfake face-swapping attacks
Cheng-Yao Guo National Chengchi University, Fang Yu National Chengchi University
16:20
20m
Full-paper
Anonymizing Test Data in Android: Does It Hurt?
Elena Masserini University of Milano - Bicocca, Davide Ginelli, Daniela Micucci University of Milano-Bicocca, Italy, Daniela Briola University of Milano Bicocca, Leonardo Mariani University of Milano-Bicocca
16:40
20m
Full-paper
Properties that allow or prohibit transferability of adversarial attacks among quantized networks
Abhishek Shrestha Fraunhofer FOKUS, Juergen Grossmann Fraunhofer
17:00
20m
Full-paper
Can explainability and deep-learning be used for localizing vulnerabilities in source code?
Alessandro Marchetto Università di Trento
17:20
15m
Short-paper
Towards an Empirical Robustness Assessment Through Measuring Adversarial Subspaces
Viraj Rohit Gala, Martin A. Schneider Fraunhofer FOKUS, Marvin Vogt Fraunhofer Institute for Open Communication Systems
20:30
2h30m
Social Event
Social Dinner (Apr 15) - 20:30 at Páteo – Bairro do Avillez