Adversarial Transformation Networks: Learning to Generate Adversarial Examples

TL;DR

This paper introduces Adversarial Transformation Networks (ATNs), a fast and diverse method for generating adversarial examples by training neural networks to produce targeted modifications that fool classifiers.

Contribution

The paper proposes a novel, efficient approach to generate adversarial examples using trained feed-forward networks, enabling rapid and diverse attacks against various classifiers.

Findings

ATNs can generate effective adversarial examples quickly.

ATNs produce diverse adversarial outputs.

ATNs successfully attack MNIST and ImageNet classifiers.

Abstract

Multiple different approaches of generating adversarial examples have been proposed to attack deep neural networks. These approaches involve either directly computing gradients with respect to the image pixels, or directly solving an optimization on the image pixels. In this work, we present a fundamentally new method for generating adversarial examples that is fast to execute and provides exceptional diversity of output. We efficiently train feed-forward neural networks in a self-supervised manner to generate adversarial examples against a target network or set of networks. We call such a network an Adversarial Transformation Network (ATN). ATNs are trained to generate adversarial examples that minimally modify the classifier's outputs given the original input, while constraining the new classification to match an adversarial target class. We present methods to train ATNs and analyze their effectiveness targeting a variety of MNIST classifiers as well as the latest state-of-the-art ImageNet classifier Inception ResNet v2.