Scale-free and Task-agnostic Attack: Generating Photo-realistic Adversarial Patterns with Patch Quilting Generator

TL;DR

This paper introduces PQ-GAN, a scale-free generative adversarial network that creates highly transferable, robust, and photo-realistic adversarial patterns applicable across various image scales and tasks, outperforming existing methods.

Contribution

The paper presents the first scale-free CNN generator for adversarial attacks, enabling effective attacks on images of arbitrary scales with improved transferability and robustness.

Findings

Outperforms nine state-of-the-art attack methods on ImageNet and CityScapes datasets.

Generates adversarial patterns with high transferability and robustness.

Produces photo-realistic adversarial images applicable across different scales.

Abstract

\noindent Traditional L_p norm-restricted image attack algorithms suffer from poor transferability to black box scenarios and poor robustness to defense algorithms. Recent CNN generator-based attack approaches can synthesize unrestricted and semantically meaningful entities to the image, which is shown to be transferable and robust. However, such methods attack images by either synthesizing local adversarial entities, which are only suitable for attacking specific contents or performing global attacks, which are only applicable to a specific image scale. In this paper, we propose a novel Patch Quilting Generative Adversarial Networks (PQ-GAN) to learn the first scale-free CNN generator that can be applied to attack images with arbitrary scales for various computer vision tasks. The principal investigation on transferability of the generated adversarial examples, robustness to defense frameworks, and visual quality assessment show that the proposed PQG-based attack framework outperforms the other nine state-of-the-art adversarial attack approaches when attacking the neural networks trained on two standard evaluation datasets (i.e., ImageNet and CityScapes).