Summary of Keep on Swimming: Real Attackers Only Need Partial Knowledge of a Multi-Model System, by Julian Collado et al.


Keep on Swimming: Real Attackers Only Need Partial Knowledge of a Multi-Model System

by Julian Collado, Kevin Stangl

First submitted to arXiv on: 30 Oct 2024

Categories

  • Main: Machine Learning (cs.LG)
  • Secondary: Artificial Intelligence (cs.AI); Cryptography and Security (cs.CR); Computer Vision and Pattern Recognition (cs.CV); Multiagent Systems (cs.MA)


GrooveSquid.com Paper Summaries

GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!

High Difficulty Summary (written by the paper authors)

Read the original abstract here.

Medium Difficulty Summary (written by GrooveSquid.com, original content)

Recent advances in machine learning often involve composing multiple models or architectures. However, when attacking these composed systems with adversarial attacks, it may not be feasible to train proxy models for every component. Our proposed method crafts an attack against the overall multi-model system using only a proxy model for the final black-box model, even when initial transformations make perturbations ineffective. We outperform current methods (80% vs 25%) and use smaller perturbations (9.4% lower MSE) in our experiments on a supervised image pipeline. Our attack generalizes to other multi-model settings and agentic systems.

Low Difficulty Summary (written by GrooveSquid.com, original content)

Imagine you have many different models working together to do something cool, like recognizing pictures or translating languages. But what if someone wanted to trick the system by adding some fake noise to make it misbehave? That’s exactly what our new attack method does. We show how to create a special kind of noise that can fool these combined systems, even when they’re using multiple models together. Our method is really good at doing this (it works 80% of the time), and it’s not too big or complicated either. We tested it on pictures, but we think it could work for other kinds of tasks too.

Keywords

  • Artificial intelligence
  • Machine learning
  • MSE
  • Supervised