Latent Magic: An Investigation into Adversarial Examples Crafted in the Semantic Latent Space
- URL: http://arxiv.org/abs/2305.12906v1
- Date: Mon, 22 May 2023 10:39:54 GMT
- Title: Latent Magic: An Investigation into Adversarial Examples Crafted in the Semantic Latent Space
- Authors: BoYang Zheng
- Abstract summary: Adversarial attacks against Deep Neural Networks (DNNs) have been a crucial topic ever since \cite{goodfellow} exposed the vulnerability of DNNs.
Most prior works craft adversarial examples in the pixel space, following the $l_p$ norm constraint.
In this paper, we give an intuitive explanation of why crafting adversarial examples in the latent space is equally efficient and important.
- Score: 0.0
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Adversarial attacks against Deep Neural Networks (DNNs) have been a crucial
topic ever since \cite{goodfellow} exposed the vulnerability of DNNs. However,
most prior works craft adversarial examples in the pixel space, following the
$l_p$ norm constraint. In this paper, we give an intuitive explanation of why
crafting adversarial examples in the latent space is equally efficient and
important. We propose a framework for crafting adversarial examples in the
semantic latent space based on a pre-trained Variational Auto-Encoder from the
state-of-the-art Stable Diffusion Model \cite{SDM}. We also show that
adversarial examples crafted in the latent space can achieve a high fool rate.
However, examples crafted in the latent space are often hard to evaluate, as
they do not follow a certain $l_p$ norm constraint, which is a big challenge
for existing research. To efficiently and accurately evaluate adversarial
examples crafted in the latent space, we propose a novel evaluation metric
based on SSIM \cite{SSIM} loss and fool rate. Additionally, we explain why
FID \cite{FID} is not suitable for measuring such adversarial examples. To the
best of our knowledge, it is the first evaluation metric specifically designed
to evaluate the quality of an adversarial attack. We also investigate the
transferability of adversarial examples crafted in the latent space and show
that they have superiority over adversarial examples crafted in the pixel
space.
Related papers
- Transcending Adversarial Perturbations: Manifold-Aided Adversarial Examples with Legitimate Semantics [10.058463432437659] (2024-02-05T15:25:40Z)
  Deep neural networks were significantly vulnerable to adversarial examples manipulated by malicious tiny perturbations.
  In this paper, we propose a supervised semantic-transformation generative model to generate adversarial examples with real and legitimate semantics.
  Experiments on MNIST and industrial defect datasets showed that our adversarial examples not only exhibited better visual quality but also achieved superior attack transferability.
- A Geometrical Approach to Evaluate the Adversarial Robustness of Deep Neural Networks [52.09243852066406] (2023-10-10T09:39:38Z)
  Adversarial Converging Time Score (ACTS) measures the converging time as an adversarial robustness metric.
  We validate the effectiveness and generalization of the proposed ACTS metric against different adversarial attacks on the large-scale ImageNet dataset.
- Latent Feature Relation Consistency for Adversarial Robustness [80.24334635105829] (2023-03-29T13:50:01Z)
  Misclassification will occur when deep neural networks predict adversarial examples which add human-imperceptible adversarial noise to natural examples.
  We propose Latent Feature Relation Consistency (LFRC).
  LFRC constrains the relation of adversarial examples in latent space to be consistent with the natural examples.
- Latent Boundary-guided Adversarial Training [61.43040235982727] (2022-06-08T07:40:55Z)
  Adversarial training is proved to be the most effective strategy that injects adversarial examples into model training.
  We propose a novel adversarial training framework called LAtent bounDary-guided aDvErsarial tRaining.
- SemAttack: Natural Textual Attacks via Different Semantic Spaces [26.97034787803082] (2022-05-03T03:44:03Z)
  We propose an efficient framework to generate natural adversarial text by constructing different semantic perturbation functions.
  We show that SemAttack is able to generate adversarial texts for different languages with high attack success rates.
  Our generated adversarial texts are natural and barely affect human performance.
- A Frequency Perspective of Adversarial Robustness [72.48178241090149] (2021-10-26T19:12:34Z)
  We present a frequency-based understanding of adversarial examples, supported by theoretical and empirical findings.
  Our analysis shows that adversarial examples are neither in high-frequency nor in low-frequency components, but are simply dataset dependent.
  We propose a frequency-based explanation for the commonly observed accuracy vs. robustness trade-off.
- TREATED: Towards Universal Defense against Textual Adversarial Attacks [28.454310179377302] (2021-09-13T03:31:20Z)
  We propose TREATED, a universal adversarial detection method that can defend against attacks of various perturbation levels without making any assumptions.
  Extensive experiments on three competitive neural networks and two widely used datasets show that our method achieves better detection performance than baselines.
- Discriminator-Free Generative Adversarial Attack [87.71852388383242] (2021-07-20T01:55:21Z)
  Generative-based adversarial attacks can get rid of this limitation.
  A Symmetric Saliency-based Auto-Encoder (SSAE) generates the perturbations.
  The adversarial examples generated by SSAE not only make the widely-used models collapse, but also achieve good visual quality.
- Exploring Robustness of Unsupervised Domain Adaptation in Semantic Segmentation [74.05906222376608] (2021-05-23T01:50:44Z)
  We propose adversarial self-supervision UDA (or ASSUDA) that maximizes the agreement between clean images and their adversarial examples by a contrastive loss in the output space.
  This paper is rooted in two observations: (i) the robustness of UDA methods in semantic segmentation remains unexplored, which poses a security concern in this field; and (ii) although commonly used self-supervision (e.g., rotation and jigsaw) benefits image tasks such as classification and recognition, it fails to provide the critical supervision signals that could learn discriminative representations for segmentation tasks.
- Intriguing Properties of Adversarial ML Attacks in the Problem Space [Extended Version] [18.3238686304247] (2019-11-05T23:39:55Z)
  We propose a general formalization for adversarial ML evasion attacks in the problem space.
  We propose a novel problem-space attack on Android malware that overcomes past limitations in terms of semantics and artifacts.
  Our results demonstrate that "adversarial-malware as a service" is a realistic threat.
This list is automatically generated from the titles and abstracts of the papers in this site.