ADef: an Iterative Algorithm to Construct Adversarial Deformations
Rima Alaifari, Giovanni S. Alberti, Tandri Gauksson
TL;DR
This paper introduces ADef, an iterative algorithm that creates adversarial attacks by applying small deformations to images, enhancing understanding of neural network vulnerabilities.
Contribution
The paper presents a novel deformation-based adversarial attack method and demonstrates its effectiveness on MNIST and ImageNet datasets.
Findings
ADef successfully generates adversarial deformations.
Deformations can fool neural networks like Inception-v3 and ResNet-101.
The method reveals new insights into neural network stability.
Abstract
While deep neural networks have proven to be a powerful tool for many recognition and classification tasks, their stability properties are still not well understood. In the past, image classifiers have been shown to be vulnerable to so-called adversarial attacks, which are created by additively perturbing the correctly classified image. In this paper, we propose the ADef algorithm to construct a different kind of adversarial attack created by iteratively applying small deformations to the image, found through a gradient descent step. We demonstrate our results on MNIST with convolutional neural networks and on ImageNet with Inception-v3 and ResNet-101.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Bacillus and Francisella bacterial research
MethodsAverage Pooling · Auxiliary Classifier · 1x1 Convolution · RMSProp · Inception-v3 Module · Max Pooling · Softmax · Convolution · Dropout · Dense Connections