# Semantic Adversarial Attacks: Parametric Transformations That Fool Deep   Classifiers

**Authors:** Ameya Joshi, Amitangshu Mukherjee, Soumik Sarkar, Chinmay Hegde

arXiv: 1904.08489 · 2019-08-19

## TL;DR

This paper introduces a new type of adversarial attack that manipulates specific semantic attributes of images using parametric generative models, effectively fooling classifiers with natural-looking inputs.

## Contribution

It proposes a novel semantic adversarial attack method based on parametric transformations, expanding the scope of adversarial examples beyond pixel-level perturbations.

## Key findings

- Semantic adversarial examples can fool classifiers effectively.
- The attack works on both synthetic and real face images.
- Theoretical bounds support the existence of such adversarial examples.

## Abstract

Deep neural networks have been shown to exhibit an intriguing vulnerability to adversarial input images corrupted with imperceptible perturbations. However, the majority of adversarial attacks assume global, fine-grained control over the image pixel space. In this paper, we consider a different setting: what happens if the adversary could only alter specific attributes of the input image? These would generate inputs that might be perceptibly different, but still natural-looking and enough to fool a classifier. We propose a novel approach to generate such `semantic' adversarial examples by optimizing a particular adversarial loss over the range-space of a parametric conditional generative model. We demonstrate implementations of our attacks on binary classifiers trained on face images, and show that such natural-looking semantic adversarial examples exist. We evaluate the effectiveness of our attack on synthetic and real data, and present detailed comparisons with existing attack methods. We supplement our empirical results with theoretical bounds that demonstrate the existence of such parametric adversarial examples.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1904.08489/full.md

## Figures

17 figures with captions in the complete paper: https://tomesphere.com/paper/1904.08489/full.md

## References

74 references — full list in the complete paper: https://tomesphere.com/paper/1904.08489/full.md

---
Source: https://tomesphere.com/paper/1904.08489