Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
110 tokens/sec
GPT-4o
56 tokens/sec
Gemini 2.5 Pro Pro
44 tokens/sec
o3 Pro
6 tokens/sec
GPT-4.1 Pro
47 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Transcending Adversarial Perturbations: Manifold-Aided Adversarial Examples with Legitimate Semantics (2402.03095v1)

Published 5 Feb 2024 in cs.CV, cs.CR, and cs.LG

Abstract: Deep neural networks were significantly vulnerable to adversarial examples manipulated by malicious tiny perturbations. Although most conventional adversarial attacks ensured the visual imperceptibility between adversarial examples and corresponding raw images by minimizing their geometric distance, these constraints on geometric distance led to limited attack transferability, inferior visual quality, and human-imperceptible interpretability. In this paper, we proposed a supervised semantic-transformation generative model to generate adversarial examples with real and legitimate semantics, wherein an unrestricted adversarial manifold containing continuous semantic variations was constructed for the first time to realize a legitimate transition from non-adversarial examples to adversarial ones. Comprehensive experiments on MNIST and industrial defect datasets showed that our adversarial examples not only exhibited better visual quality but also achieved superior attack transferability and more effective explanations for model vulnerabilities, indicating their great potential as generic adversarial examples. The code and pre-trained models were available at https://github.com/shuaili1027/MAELS.git.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (41)
  1. A review of deep learning in medical imaging: Imaging traits, technology trends, case studies with progress highlights, and future promises. Proceedings of the IEEE, 109(5):820–838, 2021.
  2. Automated visual defect detection for flat steel surface: A survey. IEEE Transactions on Instrumentation and Measurement, 69(3):626–644, 2020.
  3. Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572, 2014.
  4. Attack to fool and explain deep networks. IEEE Transactions on Pattern Analysis and Machine Intelligence, 44(10):5980–5995, 2021.
  5. Deep fusion: crafting transferable adversarial examples and improving robustness of industrial artificial intelligence of things. IEEE Transactions on Industrial Informatics, 2022.
  6. Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv:1706.06083, 2017.
  7. Towards evaluating the robustness of neural networks. In 2017 ieee symposium on security and privacy (sp), pages 39–57. Ieee, 2017.
  8. Deepfool: a simple and accurate method to fool deep neural networks. In Proceedings of the IEEE conference on computer vision and pattern recognition, pages 2574–2582, 2016.
  9. Demiguise attack: Crafting invisible semantic adversarial perturbations with perceptual similarity. arXiv preprint arXiv:2107.01396, 2021.
  10. Semantic adversarial examples. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition Workshops, pages 1614–1619, 2018.
  11. Describing objects by their attributes. In 2009 IEEE conference on computer vision and pattern recognition, pages 1778–1785. IEEE, 2009.
  12. Constructing unrestricted adversarial examples with generative models. Advances in Neural Information Processing Systems, 31, 2018.
  13. Generating natural adversarial examples. arXiv preprint arXiv:1710.11342, 2017.
  14. Colorfool: Semantic adversarial colorization. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pages 1151–1160, 2020.
  15. Generating semantic adversarial examples via feature manipulation in latent space. IEEE Transactions on Neural Networks and Learning Systems, 2023.
  16. Semanticadv: Generating adversarial examples via attribute-conditioned image editing. In Computer Vision–ECCV 2020: 16th European Conference, Glasgow, UK, August 23–28, 2020, Proceedings, Part XIV 16, pages 19–37. Springer, 2020.
  17. Breaking certified defenses: Semantic adversarial examples with spoofed robustness certificates. arXiv preprint arXiv:2003.08937, 2020.
  18. Adversarial attack type i: Cheat classifiers by significant changes. IEEE transactions on pattern analysis and machine intelligence, 43(3):1100–1109, 2019.
  19. Semantic perturbations with normalizing flows for improved generalization. In Proceedings of the IEEE/CVF International Conference on Computer Vision, pages 6619–6629, 2021.
  20. Discrete point-wise attack is not enough: Generalized manifold adversarial attack for face recognition. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pages 20575–20584, 2023.
  21. Representation learning: A review and new perspectives. IEEE transactions on pattern analysis and machine intelligence, 35(8):1798–1828, 2013.
  22. Infogan: Interpretable representation learning by information maximizing generative adversarial nets. Advances in neural information processing systems, 29, 2016.
  23. Transferable representation learning with deep adaptation networks. IEEE transactions on pattern analysis and machine intelligence, 41(12):3071–3085, 2018.
  24. Interfacegan: Interpreting the disentangled face representation learned by gans. IEEE transactions on pattern analysis and machine intelligence, 44(4):2004–2018, 2020.
  25. Distillation as a defense to adversarial perturbations against deep neural networks. In 2016 IEEE symposium on security and privacy (SP), pages 582–597. IEEE, 2016.
  26. Triplet-graph reasoning network for few-shot metal generic surface defect segmentation. IEEE Transactions on Instrumentation and Measurement, 70:1–11, 2021.
  27. Adversarial machine learning at scale. arXiv preprint arXiv:1611.01236, 2016.
  28. Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks. In International conference on machine learning, pages 2206–2216. PMLR, 2020.
  29. Square attack: a query-efficient black-box adversarial attack via random search. In European conference on computer vision, pages 484–501. Springer, 2020.
  30. Provably robust deep learning via adversarially trained smoothed classifiers. Advances in Neural Information Processing Systems, 32, 2019.
  31. Adversarial example detection by predicting adversarial noise in the frequency domain. Multimedia Tools and Applications, pages 1–17, 2023.
  32. Diffusion models for adversarial purification. arXiv preprint arXiv:2205.07460, 2022.
  33. Constructing semantics-aware adversarial examples with probabilistic perspective. arXiv preprint arXiv:2306.00353, 2023.
  34. On the minimal adversarial perturbation for deep neural networks with provable estimation error. IEEE Transactions on Pattern Analysis and Machine Intelligence, 45(4):5038–5052, 2022.
  35. The robust manifold defense: Adversarial training using generative models. arXiv preprint arXiv:1712.09196, 2017.
  36. Generating adversarial examples with adversarial networks. arXiv preprint arXiv:1801.02610, 2018.
  37. The secret revealer: Generative model-inversion attacks against deep neural networks. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition, pages 253–261, 2020.
  38. Query-efficient black-box adversarial attacks guided by a transfer-based prior. IEEE Transactions on Pattern Analysis and Machine Intelligence, 44(12):9536–9548, 2021.
  39. Attacks meet interpretability: Attribute-steered detection of adversarial samples. Advances in Neural Information Processing Systems, 31, 2018.
  40. Robust feature-level adversaries are interpretability tools. Advances in Neural Information Processing Systems, 35:33093–33106, 2022.
  41. Use hirescam instead of grad-cam for faithful explanations of convolutional neural networks. arXiv preprint arXiv:2011.08891, 2020.
User Edit Pencil Streamline Icon: https://streamlinehq.com
Authors (3)
  1. Shuai Li (295 papers)
  2. Xiaoyu Jiang (17 papers)
  3. Xiaoguang Ma (14 papers)

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now
Github Logo Streamline Icon: https://streamlinehq.com

GitHub

  1. GitHub - shuaili1027/MAELS (2 stars)
X Twitter Logo Streamline Icon: https://streamlinehq.com

Tweets