FABRICATE-VANISH: AN EFFECTIVE AND TRANSFERABLE BLACK-BOX ADVERSARIAL ATTACK INCORPORATING FEATURE DISTORTION

Yantao Lu, Xueying Du, Bingkun Sun, Haining Ren, Senem Velipasalar

Research output: Chapter in Book/Entry/Poem > Conference contribution

2 Scopus citations

Abstract

Adversarial examples have emerged as increasingly severe threats for deep neural networks. Recent works have revealed that these malicious samples can transfer across different neural networks, and effectively attack other models. The state-of-the-art methodologies leverage the Fast Gradient Sign Method to generate obstructing textures, which can cause neural networks to make incorrect inferences. However, the over-reliance on task-specific loss functions makes the adversarial examples less transferable across networks. Moreover, recent de-noising based adaptive defences provide promising performance against the aforementioned attacks. Therefore, to achieve better transferability and attack effectiveness, we propose a novel attack, referred to as the Fabricate-Vanish (FV) attack, which is able to erase benign representations and generate obstruction textures simultaneously. The proposed FV attack treats the adversarial example transferability as a latent contribution for each layer of deep neural networks, and maximizes the attack performance by balancing transferability and the task-specific loss function. Our experimental results on ImageNet show that the proposed FV attack achieves the best attack performance and better transferability by degrading the accuracy of classifiers 3.8% more on average compared to the state-of-the-art attacks.

Original language: English (US)
Title of host publication: 2021 IEEE International Conference on Image Processing, ICIP 2021 - Proceedings
Publisher: IEEE Computer Society
Pages: 809-813
Number of pages: 5
ISBN (Electronic): 9781665441155
State: Published - 2021
Event: 2021 IEEE International Conference on Image Processing, ICIP 2021 - Anchorage, United States
Duration: Sep 19 2021 to Sep 22 2021

Publication series

Name: Proceedings - International Conference on Image Processing, ICIP
Volume: 2021-September
ISSN (Print): 1522-4880

Conference

Conference: 2021 IEEE International Conference on Image Processing, ICIP 2021
Country/Territory: United States
City: Anchorage
Period: 9/19/21 to 9/22/21

Keywords

  • Adversarial attack
  • Adversarial examples
  • Black-box
  • Computer vision
  • Neural networks

ASJC Scopus subject areas

  • Software
  • Computer Vision and Pattern Recognition
  • Signal Processing
