skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: SD-NAE: Generating Natural Adversarial Examples with Stable Diffusion
Natural Adversarial Examples (NAEs), images arising naturally from the environment and capable of deceiving classifiers, are instrumental in robustly evaluating and identifying vulnerabilities in trained models. In this work, unlike prior works that passively collect NAEs from real images, we propose to actively synthesize NAEs using the state-of-the-art Stable Diffusion. Specifically, our method formulates a controlled optimization process, where we perturb the token embedding that corresponds to a specified class to generate NAEs. This generation process is guided by the gradient of loss from the target classifier, ensuring that the created image closely mimics the ground-truth class yet fools the classifier. Named SD-NAE (Stable Diffusion for Natural Adversarial Examples), our innovative method is effective in producing valid and useful NAEs, which is demonstrated through a meticulously designed experiment. Code is available at https://github.com/linyueqian/SD-NAE.  more » « less
Award ID(s):
1822085
PAR ID:
10534945
Author(s) / Creator(s):
; ; ;
Publisher / Repository:
The Twelfth International Conference on Learning Representations (ICLR) 2024
Date Published:
Format(s):
Medium: X
Location:
Vienna Austria
Sponsoring Org:
National Science Foundation
More Like this
  1. ; (, Advances in botanical research)
    Rebeille, F.; Marechal, E. (Ed.)
    N-acylethanolamines (NAEs) are a group of lipid signaling molecules derived from the phospholipid precursor N-acylphosphatidylethanolamine (NAPE). NAEs can be processed by a wide range of metabolic processes including hydrolysis by fatty acid amide hydrolase (FAAH), peroxidation by lipoxygenases (LOX), and conjugation by glycosyl- and malonyl-transferases. The diversity of NAE metabolites points to participation in multiple downstream pathways for regulation and function. NAEs with acyl chains of 18C are typically the most predominant types in vascular plants. Whereas in nonvascular plants and some algae, the arachidonic acid-containing NAE, anandamide (a functional “endocannabinoid” in animal systems), was recently reported. A signaling role for anandamide and other NAEs is well established in vertebrates, while NAEs and their oxylipin metabolites are recently becoming appreciated for lipid mediator roles in vascular plants. Here, the NAE metabolism and function in plants are overviewed, with particular emphasis on processes described in vascular plants where most attention has been focused. 
    more » « less
  2. ; ; (, IEEE)
    The proliferation of online face images has heightened privacy concerns, as adversaries can exploit facial features for nefarious purposes. While adversarial perturbations have been proposed to safeguard these images, their effectiveness remains questionable. This paper introduces IVORY, a novel adversarial purification method leveraging Diffusion Transformer-based Stable Diffusion 3 model to purify perturbed images and improve facial feature extraction. Evaluated across gender recognition, ethnicity recognition and age group classification tasks with CNNs like VGG16, SENet and MobileNetV3 and vision transformers like SwinFace, IVORY consistently restores classifier performance to near-clean levels in white-box settings, outperforming traditional defenses such as Adversarial Training, DiffPure and IMPRESS. For example, it improved gender recognition accuracy from 37.8% to 96% under the PGD attack for VGG16 and age group classification accuracy from 2.1% to 52.4% under AutoAttack for MobileNetV3. In black-box scenarios, IVORY achieves a 22.8% average accuracy gain. IVORY also reduces SSIM noise by over 50% at 1x resolution and up to 80% at 2x resolution compared to DiffPure. Our analysis further reveals that adversarial perturbations alone do not fully protect against soft-biometric extraction, highlighting the need for comprehensive evaluation frameworks and robust defenses. 
    more » « less
  3. ; ; ; (, Plant Direct)
    Abstract Fatty acid amide hydrolase (FAAH) is a conserved amidase that is known to modulate the levels of endogenousN‐acylethanolamines (NAEs) in both plants and animals. The activity of FAAH is enhancedin vitroby synthetic phenoxyacylethanolamides resulting in greater hydrolysis of NAEs. Previously, 3‐n‐pentadecylphenolethanolamide (PDP‐EA) was shown to exert positive effects on the development of Arabidopsis seedlings by enhancing Arabidopsis FAAH (AtFAAH) activity. However, there is little information regarding FAAH activity and the impact of PDP‐EA in the development of seedlings of other plant species. Here, we examined the effects of PDP‐EA on growth of upland cotton (Gossypium hirsutumL. cv Coker 312) seedlings including two lines of transgenic seedlings overexpressingAtFAAH. Independent transgenic events showed accelerated true‐leaf emergence compared with non‐transgenic controls. Exogenous applications of PDP‐EA led to increases in overall seedling growth in AtFAAH transgenic lines. These enhanced‐growth phenotypes coincided with elevated FAAH activities toward NAEs and NAE oxylipins. Conversely, the endogenous contents of NAEs and NAE‐oxylipin species, especially linoleoylethanolamide and 9‐hydroxy linoleoylethanolamide, were lower in PDP‐EA treated seedlings than in controls. Further, transcripts for endogenous cottonFAAHgenes were increased following PDP‐EA exposure. Collectively, our data corroborate that the enhancement of FAAH enzyme activity by PDP‐EA stimulates NAE‐hydrolysis and that this results in enhanced growth in seedlings of a perennial crop species, extending the role of NAE metabolism in seedling development beyond the model annual plant species,Arabidopsis thaliana. 
    more » « less
  4. ; (, Advances in Neural Information Processing Systems Foundation (NeurIPS))
    null (Ed.)
    Patch adversarial attacks on images, in which the attacker can distort pixels within a region of bounded size, are an important threat model since they provide a quantitative model for physical adversarial attacks. In this paper, we introduce a certifiable defense against patch attacks that guarantees for a given image and patch attack size, no patch adversarial examples exist. Our method is related to the broad class of randomized smoothing robustness schemes which provide high-confidence probabilistic robustness certificates. By exploiting the fact that patch attacks are more constrained than general sparse attacks, we derive meaningfully large robustness certificates against them. Additionally, in contrast to smoothing-based defenses against L_p and sparse attacks, our defense method against patch attacks is de-randomized, yielding improved, deterministic certificates. Compared to the existing patch certification method proposed by Chiang et al. (2020), which relies on interval bound propagation, our method can be trained significantly faster, achieves high clean and certified robust accuracy on CIFAR-10, and provides certificates at ImageNet scale. For example, for a 5-by-5 patch attack on CIFAR-10, our method achieves up to around 57.6% certified accuracy (with a classifier with around 83.8% clean accuracy), compared to at most 30.3% certified accuracy for the existing method (with a classifier with around 47.8% clean accuracy). Our results effectively establish a new state-of-the-art of certifiable defense against patch attacks on CIFAR-10 and ImageNet. 
    more » « less
  5. ; ; (, Plant Physiology)
    Abstract Polyunsaturated N-acylethanolamines (NAEs) can be hydrolyzed by fatty acid amide hydrolase (FAAH) or oxidized by lipoxygenase (LOX). In Arabidopsis (Arabidopsis thaliana), the 9-LOX product of linoleoylethanolamide, namely, 9-hydroxy linoleoylethanolamide (9-NAE-HOD), is reported to negatively regulate seedling development during secondary dormancy. In upland cotton (Gossypium hirsutum L.), six putative FAAH genes (from two diverged groups) and six potential 9-LOX genes are present; however, their involvement in 9-NAE-HOD metabolism and its regulation of seedling development remain unexplored. Here, we report that in cotton plants, two specific FAAH isoforms (GhFAAH Ib and GhFAAH IIb) are needed for hydrolysis of certain endogenous NAEs. Virus-induced gene silencing (VIGS) of either or both FAAHs led to reduced seedling growth and this coincided with reduced amidohydrolase activities and elevated quantities of endogenous 9-NAE-HOD. Transcripts of GhLOX21 were consistently elevated in FAAH-silenced tissues, and co-silencing of GhLOX21 and GhFAAH (Ib and/or IIb) led to reversal of seedling growth to normal levels (comparable with no silencing). This was concomitant with reductions in the levels of 9-NAE-HOD, but not of 13-NAE-HOD. Pharmacological experiments corroborated the genetic and biochemical evidence, demonstrating that direct application of 9-NAE-HOD, but not 13-NAE-HOD or their corresponding free fatty acid oxylipins, inhibited the growth of cotton seedlings. Additionally, VIGS of GhLOX21 in cotton lines overexpressing AtFAAH exhibited enhanced growth and no detectable 9-NAE-HOD. Altogether, we conclude that the growth of cotton seedlings involves fine-tuning of 9-NAE-HOD levels via FAAH-mediated hydrolysis and LOX-mediated production, expanding the mechanistic understanding of plant growth modulation by NAE oxylipins to a perennial crop species. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email