Semantically Adversarial Learnable Filters

08/13/2020

∙

We present the first adversarial framework that crafts perturbations that mislead classifiers by accounting for the content of the images and the semantics of the labels. The proposed framework combines deep neural networks and traditional image processing filters, which define the type and magnitude of the adversarial perturbation. We also introduce a semantic adversarial loss that guides the training of a fully convolutional neural network to generate adversarial images that will be classified with a label that is semantically different from the label of the original (clean) image. We analyse the limitations of existing methods that do not account for the semantics of the labels and evaluate the proposed framework, FilterFool, on ImageNet and with three object classifiers, namely ResNet50, ResNet18 and AlexNet. We discuss its success rate, robustness and transferability to unseen classifiers.

READ FULL TEXT

Semantically Adversarial Learnable Filters

ColorFool: Semantic Adversarial Colorization

Beyond One-Hot-Encoding: Injecting Semantics to Drive Image Classifiers

EdgeFool: An Adversarial Image Enhancement Filter

A Differentiable Color Filter for Generating Unrestricted Adversarial Images

Evolving Architectures with Gradient Misalignment toward Low Adversarial Transferability

ADef: an Iterative Algorithm to Construct Adversarial Deformations

Benchmarking Robustness to Adversarial Image Obfuscations

Semantically Adversarial Learnable Filters

Related Research

ColorFool: Semantic Adversarial Colorization

Beyond One-Hot-Encoding: Injecting Semantics to Drive Image Classifiers

EdgeFool: An Adversarial Image Enhancement Filter

A Differentiable Color Filter for Generating Unrestricted Adversarial Images

Evolving Architectures with Gradient Misalignment toward Low Adversarial Transferability

ADef: an Iterative Algorithm to Construct Adversarial Deformations

Benchmarking Robustness to Adversarial Image Obfuscations