Improving Visual Quality of Unrestricted Adversarial Examples with Wavelet-VAE
Wenzhao Xiang, Chang Liu, Shibao Zheng
TL;DR
This paper introduces a wavelet-VAE approach to generate high-quality, unrestricted adversarial examples by modifying latent codes, posing new challenges to AI safety with imperceptible image alterations.
Contribution
The paper proposes a novel wavelet-VAE method for creating unrestricted adversarial examples by latent code modification, differing from traditional perturbation-based attacks.
Findings
Generates high-quality adversarial images on ImageNet
Modifications are imperceptible to humans
Effective alternative to perturbation-based attacks
Abstract
Traditional adversarial examples are typically generated by adding perturbation noise to the input image within a small matrix norm. In practice, un-restricted adversarial attack has raised great concern and presented a new threat to the AI safety. In this paper, we propose a wavelet-VAE structure to reconstruct an input image and generate adversarial examples by modifying the latent code. Different from perturbation-based attack, the modifications of the proposed method are not limited but imperceptible to human eyes. Experiments show that our method can generate high quality adversarial examples on ImageNet dataset.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Generative Adversarial Networks and Image Synthesis · Digital Media Forensic Detection