# The Attack Generator: A Systematic Approach Towards Constructing   Adversarial Attacks

**Authors:** Felix Assion, Peter Schlicht, Florens Gre{\ss}ner, Wiebke G\"unther,, Fabian H\"uger, Nico Schmidt, Umair Rasheed

arXiv: 1906.07077 · 2019-06-18

## TL;DR

This paper introduces a structured approach called the 'attack generator' to analyze, categorize, and systematically create adversarial attacks for machine learning systems, especially in computer vision for autonomous vehicles.

## Contribution

It presents a comprehensive taxonomy of adversarial attacks, linking attack components to application contexts, and demonstrates how this framework can generate new attacks.

## Key findings

- Extended existing adversarial perturbation taxonomies.
- Linked attack components to autonomous vehicle vision tasks.
- Validated the attack generator by analyzing current semantic segmentation attacks.

## Abstract

Most state-of-the-art machine learning (ML) classification systems are vulnerable to adversarial perturbations. As a consequence, adversarial robustness poses a significant challenge for the deployment of ML-based systems in safety- and security-critical environments like autonomous driving, disease detection or unmanned aerial vehicles. In the past years we have seen an impressive amount of publications presenting more and more new adversarial attacks. However, the attack research seems to be rather unstructured and new attacks often appear to be random selections from the unlimited set of possible adversarial attacks. With this publication, we present a structured analysis of the adversarial attack creation process. By detecting different building blocks of adversarial attacks, we outline the road to new sets of adversarial attacks. We call this the "attack generator". In the pursuit of this objective, we summarize and extend existing adversarial perturbation taxonomies. The resulting taxonomy is then linked to the application context of computer vision systems for autonomous vehicles, i.e. semantic segmentation and object detection. Finally, in order to prove the usefulness of the attack generator, we investigate existing semantic segmentation attacks with respect to the detected defining components of adversarial attacks.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1906.07077/full.md

## Figures

4 figures with captions in the complete paper: https://tomesphere.com/paper/1906.07077/full.md

## References

44 references — full list in the complete paper: https://tomesphere.com/paper/1906.07077/full.md

---
Source: https://tomesphere.com/paper/1906.07077