allenhzy commited on
Commit
75fab0b
·
1 Parent(s): d17ac5b
Files changed (1) hide show
  1. index.html +25 -15
index.html CHANGED
@@ -39,17 +39,14 @@
39
  e.preventDefault();
40
  if (!$(this).hasClass('selected')) {
41
 
42
- console.log('event')
43
  $('.formula').hide(200);
44
  $('.formula-list > a').removeClass('selected');
45
  $(this).addClass('selected');
46
  var target = $(this).attr('href');
47
- // alert(target)
48
- console.log(target)
49
  $(target).show(200);
50
  }
51
  });
52
-
53
  })
54
  </script>
55
 
@@ -253,15 +250,11 @@
253
  <div class="container is-max-desktop">
254
  <h2 class="title is-3">Neighborhood Relations of Benign Examples and AEs</h2>
255
  <div class="columns is-centered">
256
- <div class="column container-centered is-four-fifths">
257
  <img src="./static/images/relations.jpg" alt="Neighborhood Relations of Benign Examples and AEs"/>
258
- </div>
259
- </div>
260
- <div class="columns is-centered">
261
- <div class="column has-text-justified is-four-fifths">
262
- <p>
263
- <strong>Figure 1. Neighborhood Relations of Benign Examples and AEs.</strong>
264
- </p>
265
  </div>
266
  </div>
267
  <div class="columns is-centered">
@@ -422,6 +415,23 @@
422
 
423
  <div class="container is-max-desktop">
424
  <h2 class="title is-3">Adaptive Attack</h2>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
425
  <div class="columns is-centered">
426
  <div class="column container-centered">
427
  <div id="adaptive-loss-formula" class="container">
@@ -435,17 +445,17 @@
435
  <span id="label-loss" class="formula" style="">
436
  $$
437
  \displaystyle
438
- Loss_{l} = \frac{1}{k} \sum_{i=1}^{k} \mathcal{L}\left(\mathbb{C}\left(W^i(x+\delta) \right), y_t\right)
439
  $$
440
  </span>
441
  <span id="representation-loss" class="formula" style="display: none;">
442
  $$
443
  \displaystyle
444
- Loss_{r} = \frac{1}{k} \sum_{i=1}^{k}\mathcal{S}(\mathbb{R}(W^i(x+\delta)), \mathbb{R}(x+\delta))
445
  $$
446
  </span>
447
  <span id="total-loss" class="formula" style="display: none;">
448
- $$\displaystyle \mathcal{L}_C(x+\delta, y_t) + Sim_l - \alpha \cdot Sim_{r}$$
449
  </span>
450
  </div>
451
  </div>
 
39
  e.preventDefault();
40
  if (!$(this).hasClass('selected')) {
41
 
 
42
  $('.formula').hide(200);
43
  $('.formula-list > a').removeClass('selected');
44
  $(this).addClass('selected');
45
  var target = $(this).attr('href');
 
 
46
  $(target).show(200);
47
  }
48
  });
49
+
50
  })
51
  </script>
52
 
 
250
  <div class="container is-max-desktop">
251
  <h2 class="title is-3">Neighborhood Relations of Benign Examples and AEs</h2>
252
  <div class="columns is-centered">
253
+ <div class="column container-centered">
254
  <img src="./static/images/relations.jpg" alt="Neighborhood Relations of Benign Examples and AEs"/>
255
+ <p>
256
+ <strong>Figure 1. Neighborhood Relations of Benign Examples and AEs.</strong>
257
+ </p>
 
 
 
 
258
  </div>
259
  </div>
260
  <div class="columns is-centered">
 
415
 
416
  <div class="container is-max-desktop">
417
  <h2 class="title is-3">Adaptive Attack</h2>
418
+
419
+ <div class="columns is-centered">
420
+ <div class="column has-text-justified">
421
+ <p>
422
+ Attackers can design adaptive attacks to try to bypass BEYOND when the attacker knows all the parameters of the model
423
+ and the detection strategy. For an SSL model with a feature extractor $$f$$, a projector $$h$$, and a classification head $$g$$,
424
+ the classification branch can be formulated as $$\mathbb{C} = f\circ g$$ and the representation branch as $$\mathbb{R} = f\circ h$$.
425
+ To attack effectively, the adversary must deceive the target model while guaranteeing the label consistency and representation similarity of the SSL model.
426
+
427
+ where $$\mathcal{S}$$ represents cosine similarity, $$k$$ represents the number of generated neighbors,
428
+ and the linear augmentation function $$W(x)=W(x,p);~p\sim P$$ randomly samples $$p$$ from the parameter distribution $$P$$ to generate different neighbors.
429
+ Note that we guarantee the generated neighbors are fixed each time by fixing the random seed. The adaptive adversaries perform attacks on the following objective function:
430
+
431
+ where $$\mathcal{L}_C$$ indicates classifier's loss function, $$y_t$$ is the targeted class, and $$\alpha$$ refers to a hyperparameter.
432
+ </div>
433
+ </div>
434
+
435
  <div class="columns is-centered">
436
  <div class="column container-centered">
437
  <div id="adaptive-loss-formula" class="container">
 
445
  <span id="label-loss" class="formula" style="">
446
  $$
447
  \displaystyle
448
+ Loss_{label} = \frac{1}{k} \sum_{i=1}^{k} \mathcal{L}\left(\mathbb{C}\left(W^i(x+\delta) \right), y_t\right)
449
  $$
450
  </span>
451
  <span id="representation-loss" class="formula" style="display: none;">
452
  $$
453
  \displaystyle
454
+ Loss_{repre} = \frac{1}{k} \sum_{i=1}^{k}\mathcal{S}(\mathbb{R}(W^i(x+\delta)), \mathbb{R}(x+\delta))
455
  $$
456
  </span>
457
  <span id="total-loss" class="formula" style="display: none;">
458
+ $$\displaystyle \mathcal{L}_C(x+\delta, y_t) + Loss_{label} - \alpha \cdot Loss_{repre}$$
459
  </span>
460
  </div>
461
  </div>