Published on Sun Jan 31 2021

Towards Imperceptible Query-limited Adversarial Attacks with Perceptual Feature Fidelity Loss

Pengrui Quan, Ruiming Guo, Mani Srivastava

Researchers usually use Lp-norm minimization as a proxy for imperceptibility. The proposed metric is particularly useful in the challenging black-box attack with limited queries, where imperceptibility is hard to achieve due to the non-trivial perturbation power.

Abstract

Recently, there has been a large amount of work towards fooling deep-learning-based classifiers, particularly for images, via adversarial inputs that are visually similar to the benign examples. However, researchers usually use Lp-norm minimization as a proxy for imperceptibility, which oversimplifies the diversity and richness of real-world images and human visual perception. In this work, we propose a novel perceptual metric utilizing the well-established connection between the low-level image feature fidelity and human visual sensitivity, which we call Perceptual Feature Fidelity Loss. We show that our metric can robustly reflect and describe the imperceptibility of the generated adversarial images validated in various conditions. Moreover, we demonstrate that this metric is highly flexible and can be conveniently integrated into different existing optimization frameworks to guide the noise distribution for better imperceptibility. The metric is particularly useful in the challenging black-box attack with limited queries, where the imperceptibility is hard to achieve due to the non-trivial perturbation power.

Fri Oct 30 2020
Machine Learning
Perception Improvement for Free: Exploring Imperceptible Black-box Adversarial Attacks on Image Classification
White-box attacks can fool neural networks with small adversarial perturbations. We propose structure-aware adversarial attacks by generating adversarial images based on psychological perceptual models. With the comparable perceptual quality, the proposed approaches achieve higher attack successes.
Tue Jul 21 2020
Machine Learning
Towards Visual Distortion in Black-Box Attacks
Constructing adversarial examples in a black-box threat model injures the original images by introducing visual distortion. We propose a new way to minimize the induced visual distortion by learning the noise distribution of the adversarial example. We validate the effectiveness of our attack on ImageNet.
Sun Feb 14 2021
Machine Learning
Perceptually Constrained Adversarial Attacks
The structural similarity index (SSIM) measure was developed originally to measure the perceptions of images. SSIM-constrained adversarial attacks can break state-of-the-art classifiers and achieve similar or larger success rate than the elastic net attack.
Sat Jun 01 2019
Machine Learning
Perceptual Evaluation of Adversarial Attacks for CNN-based Image Classification
Deep neural networks (DNNs) have recently achieved state-of-the-art performance and provide significant progress in many machine learning tasks. Recent studies have shown that DNNs are vulnerable to adversarial attacks. We present a database for visual fidelity assessment of adversarial examples.
Tue Sep 10 2019
Artificial Intelligence
FDA: Feature Disruptive Attack
Deep Neural Networks show excellent performance across various computer vision tasks. Adversarial sample generation methods range from simple to complex optimization techniques. We propose a new adversarial attack FDA: Feature Disruptive Attack, to address the drawbacks of existing attacks.
Mon Jan 06 2020
Machine Learning
Generating Semantic Adversarial Examples via Feature Manipulation
The vulnerability of deep neural networks to adversarial attacks has been demonstrated. Traditional attacks perform unstructured pixel-wise perturbation to fool the classifier. We propose a more practical adversarial attack by designing structured perturbations with semantic meanings.