A Perceptual Distortion Reduction Framework: Towards Generating Adversarial Examples with High Perceptual Quality and Attack Success Rate

TL;DR

This paper introduces a framework for generating adversarial examples that maintain high perceptual quality while achieving high attack success rates, by optimizing perceptual distortion constraints and adaptively balancing sample discrepancies.

Contribution

It proposes a novel perceptual distortion reduction framework with a perceptual constraint and adaptive penalty, improving the quality of adversarial examples compared to existing methods.

Findings

Outperforms existing adversarial attack methods in perceptual quality.

Effectively balances attack success rate and perceptual distortion.

Validated through extensive experiments.

Abstract

Most of the adversarial attack methods suffer from large perceptual distortions such as visible artifacts, when the attack strength is relatively high. These perceptual distortions contain a certain portion which contributes less to the attack success rate. This portion of distortions, which is induced by unnecessary modifications and lack of proper perceptual distortion constraint, is the target of the proposed framework. In this paper, we propose a perceptual distortion reduction framework to tackle this problem from two perspectives. Firstly, we propose a perceptual distortion constraint and add it into the objective function to jointly optimize the perceptual distortions and attack success rate. Secondly, we propose an adaptive penalty factor $\lambda$ to balance the discrepancies between different samples. Since SGD and Momentum-SGD cannot optimize our complex non-convex problem, we exploit Adam in optimization. Extensive experiments have verified the superiority of our proposed framework.