# Mimic and Fool: A Task Agnostic Adversarial Attack

**Authors:** Akshay Chaturvedi, Utpal Garain

arXiv: 1906.04606 · 2020-04-14

## TL;DR

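The paper introduces Mimic and Fool, a task-agnostic adversarial attack. Given a feature extractor, it finds an adversarial image whose image feature mimics that of the original image, so the two images give the same (or similar) output from downstream vision models regardless of the task. It reports high success rates on two image captioning models and one VQA model.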

## Contribution

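It presents a task-agnostic adversarial attack that targets the feature extractor (an image classifier such as VGG16, ResNet50 or Inception-v3) shared by downstream vision systems, so it applies across tasks without task-specific adjustments. Because it requires information only about the model's feature extractor, it can be considered a gray-box attack.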

## Key findings

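- Achieves success rates of 74.0%, 81.0%, and 87.1% for Show and Tell, Show Attend and Tell, and N2NMN respectively, on 1000 randomly selected MSCOCO validation images.
- A slight modification to the attack generates natural-looking adversarial images.
- The attack is also shown to be applicable to invertible architectures.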

## Abstract

At present, adversarial attacks are designed in a task-specific fashion. However, for downstream computer vision tasks such as image captioning, image segmentation etc., the current deep learning systems use an image classifier like VGG16, ResNet50, Inception-v3 etc. as a feature extractor. Keeping this in mind, we propose Mimic and Fool, a task agnostic adversarial attack. Given a feature extractor, the proposed attack finds an adversarial image which can mimic the image feature of the original image. This ensures that the two images give the same (or similar) output regardless of the task. We randomly select 1000 MSCOCO validation images for experimentation. We perform experiments on two image captioning models, Show and Tell, Show Attend and Tell and one VQA model, namely, end-to-end neural module network (N2NMN). The proposed attack achieves a success rate of 74.0%, 81.0% and 87.1% for Show and Tell, Show Attend and Tell and N2NMN respectively. We also propose a slight modification to our attack to generate natural-looking adversarial images. In addition, we also show the applicability of the proposed attack for invertible architectures. Since Mimic and Fool only requires information about the feature extractor of the model, it can be considered as a gray-box attack.

## Figures

7 figures with captions in the complete paper: https://tomesphere.com/paper/1906.04606/full.md

---
Source: https://tomesphere.com/paper/1906.04606