TL;DR
This paper introduces SmoothFool, a framework for generating smooth adversarial perturbations that reveal new vulnerabilities in deep neural networks, demonstrating their effectiveness and transferability against various defenses.
Contribution
The paper presents a novel, efficient method for creating smooth adversarial perturbations, expanding understanding of DNN vulnerabilities beyond traditional $\ell_p$ bounds.
Findings
Smooth adversarial perturbations exist for common neural network architectures.
Smoothness increases the robustness of perturbations against defenses.
Smooth perturbations transfer better across data points and models.
Abstract
Deep neural networks are susceptible to adversarial manipulations in the input domain. The extent of vulnerability has been explored intensively in cases of -bounded and -minimal adversarial perturbations. However, the vulnerability of DNNs to adversarial perturbations with specific statistical properties or frequency-domain characteristics has not been sufficiently explored. In this paper, we study the smoothness of perturbations and propose SmoothFool, a general and computationally efficient framework for computing smooth adversarial perturbations. Through extensive experiments, we validate the efficacy of the proposed method for both the white-box and black-box attack scenarios. In particular, we demonstrate that: (i) there exist extremely smooth adversarial perturbations for well-established and widely used network architectures, (ii) smoothness significantly…
