Stochastic sparse adversarial attacks
Manon C\'esaire, Lucas Schott, Hatem Hajri, Sylvain Lamprier, and, Patrick Gallinari
TL;DR
This paper presents stochastic sparse adversarial attacks (SSAA), a fast, noise-based method for generating sparse adversarial examples for neural networks, demonstrating superior efficiency and effectiveness on large datasets like ImageNet.
Contribution
Introduces SSAA, a novel noise-based sparse attack method utilizing small-time expansion, with scalable and more effective results compared to existing approaches.
Findings
VFGA scales efficiently to ImageNet
VFGA achieves lower L0 scores than SparseFool
VFGA outperforms Sparse-RS in success rate and sparsity
Abstract
This paper introduces stochastic sparse adversarial attacks (SSAA), standing as simple, fast and purely noise-based targeted and untargeted attacks of neural network classifiers (NNC). SSAA offer new examples of sparse (or ) attacks for which only few methods have been proposed previously. These attacks are devised by exploiting a small-time expansion idea widely used for Markov processes. Experiments on small and large datasets (CIFAR-10 and ImageNet) illustrate several advantages of SSAA in comparison with the-state-of-the-art methods. For instance, in the untargeted case, our method called Voting Folded Gaussian Attack (VFGA) scales efficiently to ImageNet and achieves a significantly lower score than SparseFool (up to ) while being faster. Moreover, VFGA achieves better scores on ImageNet than Sparse-RS when both attacks are fully successful on a large…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Machine Learning and Algorithms