A Study for Universal Adversarial Attacks on Texture Recognition

TL;DR

This paper demonstrates that universal adversarial perturbations can effectively fool deep learning models in texture recognition tasks with high success rates, revealing vulnerabilities similar to those in natural image classification.

Contribution

It introduces the existence of universal adversarial attacks on texture recognition models and analyzes their properties and effectiveness.

Findings

Universal perturbations achieve over 80% fooling rate.

Perturbations are quasi-imperceptible and contain structured patterns.

Attacks are effective across multiple texture datasets.

Abstract

Given the outstanding progress that convolutional neural networks (CNNs) have made on natural image classification and object recognition problems, it is shown that deep learning methods can achieve very good recognition performance on many texture datasets. However, while CNNs for natural image classification/object recognition tasks have been revealed to be highly vulnerable to various types of adversarial attack methods, the robustness of deep learning methods for texture recognition is yet to be examined. In our paper, we show that there exist small image-agnostic/univesal perturbations that can fool the deep learning models with more than 80\% of testing fooling rates on all tested texture datasets. The computed perturbations using various attack methods on the tested datasets are generally quasi-imperceptible, containing structured patterns with low, middle and high frequency components.