Saliency Attack: Towards Imperceptible Black-box Adversarial Attack
Authors
Abstract
Deep neural networks are vulnerable to adversarial examples, even in the black-box setting where the attacker can only access the model output. Recent studies have devised effective black-box attacks with high query efficiency. However, such performance is often accompanied by compromises in attack imperceptibility, hindering the practical use of these approaches. In this article, we propose to restrict the perturbations to a small salient region to generate adversarial examples that can hardly be perceived. This approach is readily compatible with many existing black-box attacks and can significantly improve their imperceptibility with little degradation in attack success rates. Furthermore, we propose the Saliency Attack, a new black-box attack that aims to refine the perturbations in the salient region to achieve even better imperceptibility. Extensive experiments show that, compared to state-of-the-art black-box attacks, our approach achieves much better imperceptibility scores, including most apparent distortion (MAD) and L0 and L2 distances, and also obtains a significantly higher true success rate and effective query number judged by a human-like threshold on MAD. Importantly, the perturbations generated by our approach are interpretable to some extent. Finally, it is also demonstrated to be robust to different detection-based defenses.
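The core idea of the abstract, confining perturbations to a small salient region, can be illustrated with a minimal sketch. This is not the paper's implementation: the functions `saliency_mask` and `apply_masked_perturbation`, the `keep_ratio` and `eps` parameters, and the random stand-ins for the image and saliency map are all illustrative assumptions.

```python
import numpy as np

def saliency_mask(saliency, keep_ratio=0.1):
    """Binary mask keeping only the top `keep_ratio` most salient pixels.

    `saliency` is an HxW array of non-negative scores; how it is produced
    (e.g., by a pretrained saliency model) is outside this sketch.
    """
    threshold = np.quantile(saliency, 1.0 - keep_ratio)
    return (saliency >= threshold).astype(np.float32)

def apply_masked_perturbation(image, perturbation, mask, eps=8 / 255):
    """Confine a perturbation to the salient region and clip to [0, 1].

    The mask zeroes out the perturbation outside the salient region, so
    the adversarial change stays within pixels where it is hard to notice.
    """
    delta = np.clip(perturbation, -eps, eps) * mask[..., None]
    return np.clip(image + delta, 0.0, 1.0)

# Toy usage with random data standing in for a real image and saliency map.
rng = np.random.default_rng(0)
image = rng.random((224, 224, 3)).astype(np.float32)
saliency = rng.random((224, 224)).astype(np.float32)
mask = saliency_mask(saliency, keep_ratio=0.1)
adv = apply_masked_perturbation(image, rng.normal(0, 0.05, image.shape), mask)
```

In this form, the masking step is attack-agnostic: any black-box attack that proposes a perturbation can have it projected onto the salient region before querying the model, which is why the approach composes with existing attacks.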
Similar Resources
ASP: A Fast Adversarial Attack Example Generation Framework based on Adversarial Saliency Prediction
With their excellent accuracy and feasibility, Neural Networks (NNs) have been widely applied in novel intelligent applications and systems. However, with the appearance of the Adversarial Attack, the performance of NN-based systems becomes extremely vulnerable: image classification results can be arbitrarily misled by adversarial examples, which are crafted images with human unperc...
Learning to Attack: Adversarial Transformation Networks
With the rapidly increasing popularity of deep neural networks for image recognition tasks, a parallel interest in generating adversarial examples to attack the trained models has arisen. To date, these approaches have involved either directly computing gradients with respect to the image pixels or directly solving an optimization on the image pixels. We generalize this pursuit in a novel direc...
Towards Imperceptible and Robust Adversarial Example Attacks against Neural Networks
Machine learning systems based on deep neural networks, being able to produce state-of-the-art results on various perception tasks, have gained mainstream adoption in many applications. However, they are shown to be vulnerable to adversarial example attack, which generates malicious output by adding slight perturbations to the input. Previous adversarial example crafting methods, however, use s...
Towards Attack-Agnostic Defenses
Internet attackers control hundreds of thousands to perhaps millions of computers, which they can use for a variety of different attacks. Common attacks include spam delivery, phishing, and DDoS. The current research community focus is on defenses for each specific attack type compromised hosts may launch. However, attack-specific approaches almost always have two fundamental drawbacks: they do...
Query-Efficient Black-box Adversarial Examples
Current neural network-based image classifiers are susceptible to adversarial examples, even in the black-box setting, where the attacker is limited to query access without access to gradients. Previous methods — substitute networks and coordinate-based finite-difference methods — are either unreliable or query-inefficient, making these methods impractical for certain problems. We introduce a n...
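The coordinate-based finite-difference methods mentioned in this snippet can be illustrated with a minimal sketch: the gradient is estimated purely from scalar loss queries, with no access to model internals. The function `fd_gradient` and its parameters are hypothetical names for illustration, not the cited paper's API.

```python
import numpy as np

def fd_gradient(loss, x, step=1e-3, n_coords=100, rng=None):
    """Estimate the gradient of a black-box `loss` at x via coordinate-wise
    finite differences.

    Only scalar outputs of `loss` are used. Each sampled coordinate costs
    two queries, so only `n_coords` random coordinates are probed per call,
    which is why such methods can be query-inefficient on large inputs.
    """
    rng = rng or np.random.default_rng()
    flat = x.reshape(-1)
    grad = np.zeros_like(flat)
    idx = rng.choice(flat.size, size=min(n_coords, flat.size), replace=False)
    for i in idx:
        e = np.zeros_like(flat)
        e[i] = step
        grad[i] = (loss((flat + e).reshape(x.shape))
                   - loss((flat - e).reshape(x.shape))) / (2 * step)
    return grad.reshape(x.shape)

# Toy usage: estimate the gradient of a quadratic loss at a random point.
rng = np.random.default_rng(0)
x = rng.random((8, 8))
loss = lambda z: float(np.sum(z ** 2))  # black box: scalar output only
g = fd_gradient(loss, x, n_coords=16, rng=rng)  # ~2 * x at sampled coords
```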
Journal
Journal Title: ACM Transactions on Intelligent Systems and Technology
Year: 2023
ISSN: 2157-6904, 2157-6912
DOI: https://doi.org/10.1145/3582563