TL;DR
This paper introduces novel deep generative models for creating efficient, high-fooling-rate adversarial perturbations that can be applied across various tasks and datasets, outperforming existing methods in speed and effectiveness.
Contribution
The authors develop trainable generative models capable of producing both image-agnostic and image-dependent adversarial perturbations for multiple tasks, reducing the need for task-specific attack design.
Findings
High fooling rates on ImageNet and Cityscapes datasets
Faster inference compared to iterative attack methods
Effective in both targeted and non-targeted attacks across tasks
Abstract
In this paper, we propose novel generative models for creating adversarial examples, slightly perturbed images resembling natural images but maliciously crafted to fool pre-trained models. We present trainable deep neural networks for transforming images to adversarial perturbations. Our proposed models can produce image-agnostic and image-dependent perturbations for both targeted and non-targeted attacks. We also demonstrate that similar architectures can achieve impressive results in fooling classification and semantic segmentation models, obviating the need for hand-crafting attack methods for each task. Using extensive experiments on challenging high-resolution datasets such as ImageNet and Cityscapes, we show that our perturbations achieve high fooling rates with small perturbation norms. Moreover, our attacks are considerably faster than current iterative methods at inference time.
