CD-UAP: Class Discriminative Universal Adversarial Perturbation
- URL: http://arxiv.org/abs/2010.03300v1
- Date: Wed, 7 Oct 2020 09:26:42 GMT
- Title: CD-UAP: Class Discriminative Universal Adversarial Perturbation
- Authors: Chaoning Zhang, Philipp Benz, Tooba Imtiaz, In So Kweon
- Abstract summary: A single universal adversarial perturbation (UAP) can be added to all natural images to change most of their predicted class labels.
We propose a new universal attack method to generate a single perturbation that fools a target network to misclassify only a chosen group of classes.
- Score: 83.60161052867534
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: A single universal adversarial perturbation (UAP) can be added to all natural
images to change most of their predicted class labels. It is of high practical
relevance for an attacker to have flexible control over the targeted classes to
be attacked, however, the existing UAP method attacks samples from all classes.
In this work, we propose a new universal attack method to generate a single
perturbation that fools a target network to misclassify only a chosen group of
classes, while having limited influence on the remaining classes. Since the
proposed attack generates a universal adversarial perturbation that is
discriminative to targeted and non-targeted classes, we term it class
discriminative universal adversarial perturbation (CD-UAP). We propose one
simple yet effective algorithm framework, under which we design and compare
various loss function configurations tailored for the class discriminative
universal attack. The proposed approach has been evaluated with extensive
experiments on various benchmark datasets. Additionally, our proposed approach
achieves state-of-the-art performance for the original task of UAP attacking
all classes, which demonstrates the effectiveness of our approach.
Related papers
- SAM Meets UAP: Attacking Segment Anything Model With Universal Adversarial Perturbation [61.732503554088524]
We investigate whether it is possible to attack Segment Anything Model (SAM) with image-agnostic Universal Adversarial Perturbation (UAP).
We propose a novel perturbation-centric framework that results in a UAP generation method based on self-supervised contrastive learning (CL)
The effectiveness of our proposed CL-based UAP generation method is validated by both quantitative and qualitative results.
arXiv Detail & Related papers (2023-10-19T02:49:24Z)
- Comparative Evaluation of Recent Universal Adversarial Perturbations in Image Classification [27.367498200911285]
The vulnerability of Convolutional Neural Networks (CNNs) to adversarial samples has recently garnered significant attention in the machine learning community.
Recent studies have unveiled the existence of universal adversarial perturbations (UAPs) that are image-agnostic and highly transferable across different CNN models.
arXiv Detail & Related papers (2023-06-20T03:29:05Z)
- Semi-Targeted Model Poisoning Attack on Federated Learning via Backward Error Analysis [15.172954465350667]
Model poisoning attacks on federated learning (FL) intrude in the entire system via compromising an edge model.
We propose the Attacking Distance-aware Attack (ADA) to enhance a poisoning attack by finding the optimized target class in the feature space.
ADA succeeded in increasing the attack performance by 1.8 times in the most challenging case with an attacking frequency of 0.01.
arXiv Detail & Related papers (2022-03-22T11:40:07Z)
- PARL: Enhancing Diversity of Ensemble Networks to Resist Adversarial Attacks via Pairwise Adversarially Robust Loss Function [13.417003144007156]
Adversarial attacks tend to rely on the principle of transferability.
Ensemble methods against adversarial attacks demonstrate that an adversarial example is less likely to mislead multiple classifiers.
Recent ensemble methods have either been shown to be vulnerable to stronger adversaries or shown to lack an end-to-end evaluation.
arXiv Detail & Related papers (2021-12-09T14:26:13Z)
- Towards A Conceptually Simple Defensive Approach for Few-shot classifiers Against Adversarial Support Samples [107.38834819682315]
We study a conceptually simple approach to defend few-shot classifiers against adversarial attacks.
We propose a simple attack-agnostic detection method, using the concept of self-similarity and filtering.
Our evaluation on the miniImagenet (MI) and CUB datasets exhibits good attack detection performance.
arXiv Detail & Related papers (2021-10-24T05:46:03Z)
- Universal Adversarial Training with Class-Wise Perturbations [78.05383266222285]
Adversarial training is the most widely used method for defending against adversarial attacks.
In this work, we find that a UAP does not attack all classes equally.
We improve the SOTA UAT by proposing to utilize class-wise UAPs during adversarial training.
arXiv Detail & Related papers (2021-04-07T09:05:49Z)
- Double Targeted Universal Adversarial Perturbations [83.60161052867534]
We introduce double targeted universal adversarial perturbations (DT-UAPs) to bridge the gap between the instance-discriminative image-dependent perturbations and the generic universal perturbations.
We show the effectiveness of the proposed DTA algorithm on a wide range of datasets and also demonstrate its potential as a physical attack.
arXiv Detail & Related papers (2020-10-07T09:08:51Z)
- Decision-based Universal Adversarial Attack [55.76371274622313]
In black-box setting, current universal adversarial attack methods utilize substitute models to generate the perturbation.
We propose an efficient Decision-based Universal Attack (DUAttack).
The effectiveness of DUAttack is validated through comparisons with other state-of-the-art attacks.
arXiv Detail & Related papers (2020-09-15T12:49:03Z)