Towards Imperceptible Universal Attacks on Texture Recognition

TL;DR

This paper introduces a frequency domain-based universal attack method on texture recognition DNNs, producing less perceptible perturbations with high fooling rates and improved robustness over existing techniques.

Contribution

It proposes a novel frequency-tuned universal attack approach for texture recognition, addressing perceptibility issues of spatial domain perturbations.

Findings

Achieves high fooling rates with less perceptible perturbations.

Improves attack robustness against defended models.

Enhances transferability across datasets.

Abstract

Although deep neural networks (DNNs) have been shown to be susceptible to image-agnostic adversarial attacks on natural image classification problems, the effects of such attacks on DNN-based texture recognition have yet to be explored. As part of our work, we find that limiting the perturbation's $l_p$ norm in the spatial domain may not be a suitable way to restrict the perceptibility of universal adversarial perturbations for texture images. Based on the fact that human perception is affected by local visual frequency characteristics, we propose a frequency-tuned universal attack method to compute universal perturbations in the frequency domain. Our experiments indicate that our proposed method can produce less perceptible perturbations yet with a similar or higher white-box fooling rates on various DNN texture classifiers and texture datasets as compared to existing universal attack techniques. We also demonstrate that our approach can improve the attack robustness against defended models as well as the cross-dataset transferability for texture recognition problems.