Trace-Norm Adversarial Examples
- URL: http://arxiv.org/abs/2007.01855v1
- Date: Thu, 2 Jul 2020 13:37:19 GMT
- Title: Trace-Norm Adversarial Examples
- Authors: Ehsan Kazemi, Thomas Kerdreux and Liqiang Wang
- Abstract summary: Constraining the adversarial search with different norms results in disparately structured adversarial examples.
Structured adversarial perturbations may allow for larger distortion sizes than their $l_p$ counterpart.
They allow some control on the generation of the adversarial perturbation, like (localized) blurriness.
- Score: 24.091216490378567
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: White box adversarial perturbations are sought via iterative optimization
algorithms most often minimizing an adversarial loss on a $l_p$ neighborhood of
the original image, the so-called distortion set. Constraining the adversarial
search with different norms results in disparately structured adversarial
examples. Here we explore several distortion sets with structure-enhancing
algorithms. These new structures for adversarial examples, yet pervasive in
optimization, are for instance a challenge for adversarial theoretical
certification which again provides only $l_p$ certificates. Because adversarial
robustness is still an empirical field, defense mechanisms should also
reasonably be evaluated against differently structured attacks. Besides, these
structured adversarial perturbations may allow for larger distortion sizes than
their $l_p$ counterpart while remaining imperceptible or perceptible as
natural slight distortions of the image. Finally, they allow some control on
the generation of the adversarial perturbation, like (localized) blurriness.
Related papers
- Improving Adversarial Training using Vulnerability-Aware Perturbation Budget [7.430861908931903]
Adversarial Training (AT) effectively improves the robustness of Deep Neural Networks (DNNs) to adversarial attacks.
We propose two simple, computationally cheap vulnerability-aware reweighting functions for assigning perturbation bounds to adversarial examples used for AT.
Experimental results show that the proposed methods yield genuine improvements in the robustness of AT algorithms against various adversarial attacks.
arXiv Detail & Related papers (2024-03-06T21:50:52Z)
- Transcending Adversarial Perturbations: Manifold-Aided Adversarial Examples with Legitimate Semantics [10.058463432437659]
Deep neural networks were significantly vulnerable to adversarial examples manipulated by malicious tiny perturbations.
In this paper, we propose a supervised semantic-transformation generative model to generate adversarial examples with real and legitimate semantics.
Experiments on MNIST and industrial defect datasets showed that our adversarial examples not only exhibited better visual quality but also achieved superior attack transferability.
arXiv Detail & Related papers (2024-02-05T15:25:40Z)
- AFLOW: Developing Adversarial Examples under Extremely Noise-limited Settings [7.828994881163805]
Deep neural networks (DNNs) are vulnerable to adversarial attacks.
We propose a novel Normalize Flow-based end-to-end attack framework, called AFLOW, to synthesize imperceptible adversarial examples.
Compared with existing methods, AFLOW exhibits superiority in imperceptibility, image quality and attack capability.
arXiv Detail & Related papers (2023-10-15T10:54:07Z)
- Assessing Robustness via Score-Based Adversarial Image Generation [7.640804709462919]
We introduce Score-Based Adversarial Generation (ScoreAG) to generate adversarial examples beyond $\ell_p$-norm constraints.
ScoreAG maintains the core semantics of images while generating realistic adversarial examples, either by transforming existing images or new ones entirely from scratch.
Our empirical evaluation demonstrates that ScoreAG matches the performance of state-of-the-art attacks and defenses across multiple benchmarks.
arXiv Detail & Related papers (2023-10-06T14:37:22Z)
- Improving Adversarial Robustness to Sensitivity and Invariance Attacks with Deep Metric Learning [80.21709045433096]
A standard method in adversarial robustness assumes a framework to defend against samples crafted by minimally perturbing a sample.
We use metric learning to frame adversarial regularization as an optimal transport problem.
Our preliminary results indicate that regularizing over invariant perturbations in our framework improves both invariant and sensitivity defense.
arXiv Detail & Related papers (2022-11-04T13:54:02Z)
- Block-Sparse Adversarial Attack to Fool Transformer-Based Text Classifiers [49.50163349643615]
In this paper, we propose a gradient-based adversarial attack against transformer-based text classifiers.
Experimental results demonstrate that, while our adversarial attack maintains the semantics of the sentence, it can reduce the accuracy of GPT-2 to less than 5%.
arXiv Detail & Related papers (2022-03-11T14:37:41Z)
- Towards Compositional Adversarial Robustness: Generalizing Adversarial Training to Composite Semantic Perturbations [70.05004034081377]
We first propose a novel method for generating composite adversarial examples.
Our method can find the optimal attack composition by utilizing component-wise projected gradient descent.
We then propose generalized adversarial training (GAT) to extend model robustness from $\ell_p$-ball to composite semantic perturbations.
arXiv Detail & Related papers (2022-02-09T02:41:56Z)
- Adversarial Examples Detection beyond Image Space [88.7651422751216]
We find that there exists compliance between perturbations and prediction confidence, which guides us to detect few-perturbation attacks from the aspect of prediction confidence.
We propose a method beyond image space by a two-stream architecture, in which the image stream focuses on the pixel artifacts and the gradient stream copes with the confidence artifacts.
arXiv Detail & Related papers (2021-02-23T09:55:03Z)
- Generating Structured Adversarial Attacks Using Frank-Wolfe Method [7.84752424025677]
Constraining adversarial search with different norms results in disparately structured adversarial examples.
Structured adversarial examples can be used for adversarial regularization of models to make models more robust or improve their performance on datasets which are structurally different.
arXiv Detail & Related papers (2021-02-15T06:36:50Z)
- Detecting Adversarial Examples by Input Transformations, Defense Perturbations, and Voting [71.57324258813674]
Convolutional neural networks (CNNs) have proved to reach super-human performance in visual recognition tasks.
CNNs can easily be fooled by adversarial examples, i.e., maliciously-crafted images that force the networks to predict an incorrect output.
This paper extensively explores the detection of adversarial examples via image transformations and proposes a novel methodology.
arXiv Detail & Related papers (2021-01-27T14:50:41Z)
- A Hamiltonian Monte Carlo Method for Probabilistic Adversarial Attack and Learning [122.49765136434353]
We present an effective method, called Hamiltonian Monte Carlo with Accumulated Momentum (HMCAM), aiming to generate a sequence of adversarial examples.
We also propose a new generative method called Contrastive Adversarial Training (CAT), which approaches the equilibrium distribution of adversarial examples.
Both quantitative and qualitative analysis on several natural image datasets and practical systems have confirmed the superiority of the proposed algorithm.
arXiv Detail & Related papers (2020-10-15T16:07:26Z)
This list is automatically generated from the titles and abstracts of the papers in this site.