Minimizing Perceived Image Quality Loss Through Adversarial Attack Scoping

TL;DR

This paper introduces simplified adversarial attack algorithms that focus on minimizing perceived image quality loss, enabling fast, transfer, and pen-based attacks applicable across various datasets in computer vision security.

Contribution

The paper presents a novel scoping-based approach for adversarial attacks that reduces computational cost and extends attack methods to pen-only drawings, broadening practical applicability.

Findings

Fast adversarial attacks minimizing SSIM loss

Efficient transfer attacks with low network calls

Feasibility of pen-only drawing attacks on MNIST

Abstract

Neural networks are now actively being used for computer vision tasks in security critical areas such as robotics, face recognition, autonomous vehicles yet their safety is under question after the discovery of adversarial attacks. In this paper we develop simplified adversarial attack algorithms based on a scoping idea, which enables execution of fast adversarial attacks that minimize structural image quality (SSIM) loss, allows performing efficient transfer attacks with low target inference network call count and opens a possibility of an attack using pen-only drawings on a paper for the MNIST handwritten digit dataset. The presented adversarial attack analysis and the idea of attack scoping can be easily expanded to different datasets, thus making the paper's results applicable to a wide range of practical tasks.