Generating Unrestricted Adversarial Examples via Three Parameters

by   Hanieh Naderi, et al.

Deep neural networks have been shown to be vulnerable to adversarial examples deliberately constructed to misclassify victim models. As most adversarial examples have restricted their perturbations to L_p-norm, existing defense methods have focused on these types of perturbations and less attention has been paid to unrestricted adversarial examples; which can create more realistic attacks, able to deceive models without affecting human predictions. To address this problem, the proposed adversarial attack generates an unrestricted adversarial example with a limited number of parameters. The attack selects three points on the input image and based on their locations transforms the image into an adversarial example. By limiting the range of movement and location of these three points and using a discriminatory network, the proposed unrestricted adversarial example preserves the image appearance. Experimental results show that the proposed adversarial examples obtain an average success rate of 93.5 also reduces the model accuracy by an average of 73 FMNIST, SVHN, CIFAR10, CIFAR100, and ImageNet. It should be noted that, in the case of attacks, lower accuracy in the victim model denotes a more successful attack. The adversarial train of the attack also improves model robustness against a randomly transformed image.



page 8

page 13

page 15


MULDEF: Multi-model-based Defense Against Adversarial Examples for Neural Networks

Despite being popularly used in many application domains such as image r...

Semantic Adversarial Examples

Deep neural networks are known to be vulnerable to adversarial examples,...

Intelligent image synthesis to attack a segmentation CNN using adversarial learning

Deep learning approaches based on convolutional neural networks (CNNs) h...

AdvGAN++ : Harnessing latent layers for adversary generation

Adversarial examples are fabricated examples, indistinguishable from the...

Adversarial Attack in the Context of Self-driving

In this paper, we propose a model that can attack segmentation models wi...

AdvJND: Generating Adversarial Examples with Just Noticeable Difference

Compared with traditional machine learning models, deep neural networks ...

Generate (non-software) Bugs to Fool Classifiers

In adversarial attacks intended to confound deep learning models, most s...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.