Transferable Adversarial Perturbations
| Author: | Gan Xiang, Zhou Wen, Chen Yongjun, Yong Yang, Huang Xiangqi, Tang Mengyun, Xin Hou |
|---|---|
| Year of publication: | 2018 |
| Subject: | Artificial neural network; business.industry; Computer science; Transferability; Perturbation (astronomy); 020206 networking & telecommunications; 02 engineering and technology; Machine learning; computer.software_genre; Adversarial system; 0202 electrical engineering, electronic engineering, information engineering; 020201 artificial intelligence & image processing; Artificial intelligence; business; computer; Computer Science::Cryptography and Security |
| Source: | Computer Vision – ECCV 2018, ISBN 9783030012632, ECCV (14) |
| DOI: | 10.1007/978-3-030-01264-9_28 |
| Description: | State-of-the-art deep neural network classifiers are highly vulnerable to adversarial examples which are designed to mislead classifiers with a very small perturbation. However, the performance of black-box attacks (without knowledge of the model parameters) against deployed models always degrades significantly. In this paper, we propose a novel way of perturbations for adversarial examples to enable black-box transfer. We first show that maximizing distance between natural images and their adversarial examples in the intermediate feature maps can improve both white-box attacks (with knowledge of the model parameters) and black-box attacks. We also show that smooth regularization on adversarial perturbations enables transferring across models. Extensive experimental results show that our approach outperforms state-of-the-art methods both in white-box and black-box attacks. |
| Database: | OpenAIRE |
| External link: | |