Just Noticeable Difference for Machine Perception and Generation of Regularized Adversarial Images with Minimal Perturbation

TL;DR

This paper introduces a new measure inspired by human perception to generate minimally perturbed adversarial images that effectively deceive machine perception models while maintaining natural appearance.

Contribution

The authors propose a novel JND-based adversarial image generation algorithm with a specialized cost function that minimizes perturbation and preserves perceptual similarity.

Findings

Generated adversarial images are more successful in fooling models.

Images have less perturbation compared to state-of-the-art methods.

Effective on classification and detection tasks across multiple datasets.

Abstract

In this study, we introduce a measure for machine perception, inspired by the concept of Just Noticeable Difference (JND) of human perception. Based on this measure, we suggest an adversarial image generation algorithm, which iteratively distorts an image by an additive noise until the model detects the change in the image by outputting a false label. The noise added to the original image is defined as the gradient of the cost function of the model. A novel cost function is defined to explicitly minimize the amount of perturbation applied to the input image while enforcing the perceptual similarity between the adversarial and input images. For this purpose, the cost function is regularized by the well-known total variation and bounded range terms to meet the natural appearance of the adversarial image. We evaluate the adversarial images generated by our algorithm both qualitatively and quantitatively on CIFAR10, ImageNet, and MS COCO datasets. Our experiments on image classification and object detection tasks show that adversarial images generated by our JND method are both more successful in deceiving the recognition/detection models and less perturbed compared to the images generated by the state-of-the-art methods, namely, FGV, FSGM, and DeepFool methods.