Towards Feature Space Adversarial Attack by Style Perturbation
Authors
Abstract
We propose a new adversarial attack to Deep Neural Networks for image classification. Different from most existing attacks that directly perturb input pixels, our attack focuses on perturbing abstract features, more specifically, features that denote styles, including interpretable styles such as vivid colors and sharp outlines, and uninterpretable ones. It induces model misclassification by injecting imperceptible style changes through an optimization procedure. We show that it can generate samples that are more natural-looking than the state-of-the-art unbounded attacks. The experiment also supports that pixel-space detection and defense techniques can hardly ensure robustness in the style-related feature space.
Similar resources
Towards Attack-Resilient Geometric Data Perturbation
Data perturbation is a popular technique for privacy-preserving data mining. The major challenge of data perturbation is balancing privacy protection and data quality, which are normally considered as a pair of contradictive factors. We propose that selectively preserving only the task/model specific information in perturbation would improve the balance. Geometric data perturbation, consisting o...
Adversarial Feature Learning
The ability of the Generative Adversarial Networks (GANs) framework to learn generative models mapping from simple latent distributions to arbitrarily complex data distributions has been demonstrated empirically, with compelling results showing generators learn to “linearize semantics” in the latent space of such models. Intuitively, such latent spaces may serve as useful feature representation...
Perturbation Algorithms for Adversarial Online Learning
Understanding Sampling Style Adversarial Search Methods
UCT has recently emerged as an exciting new adversarial reasoning technique based on cleverly balancing exploration and exploitation in a Monte-Carlo sampling setting. It has been particularly successful in the game of Go but the reasons for its success are not well understood and attempts to replicate its success in other domains such as Chess have failed. We provide an in-depth analysis of th...
APE-GAN: Adversarial Perturbation Elimination with GAN
Although neural networks could achieve state-of-the-art performance while recognizing images, they often suffer a tremendous defeat from adversarial examples–inputs generated by utilizing imperceptible but intentional perturbation to clean samples from the datasets. How to defend against adversarial examples is an important problem which is well worth researching. So far, very few methods hav...
Journal
Journal title: Proceedings of the ... AAAI Conference on Artificial Intelligence
Year: 2021
ISSN: 2159-5399, 2374-3468
DOI: https://doi.org/10.1609/aaai.v35i12.17259