Generating Unrestricted Adversarial Examples via Three Parameters
Hanieh Naderi, Leili Goli, Shohreh Kasaei
TL;DR
This paper introduces a novel method for generating unrestricted adversarial examples using three key parameters, which can deceive models effectively while maintaining image realism, and enhances model robustness.
Contribution
It proposes a new attack method that creates realistic unrestricted adversarial examples with limited parameters, improving attack success and model robustness.
Findings
Achieves 93.5% success rate on human evaluation.
Reduces model accuracy by 73% across six datasets.
Improves robustness through adversarial training.
Abstract
Deep neural networks have been shown to be vulnerable to adversarial examples deliberately constructed to misclassify victim models. As most adversarial examples have restricted their perturbations to -norm, existing defense methods have focused on these types of perturbations and less attention has been paid to unrestricted adversarial examples; which can create more realistic attacks, able to deceive models without affecting human predictions. To address this problem, the proposed adversarial attack generates an unrestricted adversarial example with a limited number of parameters. The attack selects three points on the input image and based on their locations transforms the image into an adversarial example. By limiting the range of movement and location of these three points and using a discriminatory network, the proposed unrestricted adversarial example preserves the image…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Advanced Malware Detection Techniques · Physical Unclonable Functions (PUFs) and Hardware Security