Adversarial Attack with Pattern Replacement
Ziang Dong, Liang Mao, Shiliang Sun

TL;DR
This paper introduces a generative adversarial attack method that replaces input patterns with class-specific patterns to fool CNNs, demonstrated on MNIST.
Contribution
It presents a novel generative model for adversarial attacks that uses pattern replacement to deceive neural networks.
Findings
Effective attack on CNNs using pattern replacement
Generates subtle, class-specific adversarial patterns
Demonstrated on MNIST dataset
Abstract
We propose a generative model for adversarial attack. The model generates subtle but predictive patterns from the input. To perform an attack, it replaces the patterns of the input with those generated based on examples from some other class. We demonstrate our model by attacking a CNN on MNIST.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Physical Unclonable Functions (PUFs) and Hardware Security · Advanced Malware Detection Techniques
