WaveTransform: Crafting Adversarial Examples via Input Decomposition

TL;DR

WaveTransform introduces a novel adversarial attack method that manipulates low and high-frequency image components via wavelet decomposition, demonstrating effectiveness and transferability against CNNs and defenses.

Contribution

The paper proposes a new frequency-based adversarial attack using wavelet decomposition to craft noise in different frequency subbands, enhancing attack effectiveness.

Findings

Effective against recent defense algorithms

Transferable across different CNN architectures

Utilizes wavelet decomposition for targeted frequency manipulation

Abstract

Frequency spectrum has played a significant role in learning unique and discriminating features for object recognition. Both low and high frequency information present in images have been extracted and learnt by a host of representation learning techniques, including deep learning. Inspired by this observation, we introduce a novel class of adversarial attacks, namely `WaveTransform', that creates adversarial noise corresponding to low-frequency and high-frequency subbands, separately (or in combination). The frequency subbands are analyzed using wavelet decomposition; the subbands are corrupted and then used to construct an adversarial example. Experiments are performed using multiple databases and CNN models to establish the effectiveness of the proposed WaveTransform attack and analyze the importance of a particular frequency component. The robustness of the proposed attack is also evaluated through its transferability and resiliency against a recent adversarial defense algorithm. Experiments show that the proposed attack is effective against the defense algorithm and is also transferable across CNNs.