Improving diversity and quality of adversarial examples in adversarial transformation network

This paper proposes PatternAttack to mitigate two major issues of Adversarial Transformation Network (ATN) including the low diversity and quality adversarial examples. In order deal with first issue, this research a stacked convolutional autoencoder based on patterns generalize ATN. proposed could support different such as all-pixel pattern, object boundary class model map pattern. second presents an algorithm improve examples in terms $$L_0$$ -norm $$L_2$$ -norm. employs pixel ranking heuristics JSMA COI prioritize pixels. To demonstrate advantages method, comprehensive experiments have been conducted MNIST dataset CIFAR-10 dataset. For generates diverse significantly improves -norm, decreases from hundreds pixels one pixel. reduces average distance considerably. These results show that method can generate high-quality practice.