Generalizing Universal Adversarial Attacks Beyond Additive Perturbations
Zhang, Yanghao, Ruan, Wenjie, Wang, Fu and Huang, Xiaowei ORCID: 0000-0001-6267-0366
(2020) Generalizing Universal Adversarial Attacks Beyond Additive Perturbations. In: 2020 IEEE International Conference on Data Mining (ICDM), 2020-11-17 - 2020-11-20.


Abstract

Previous work has shown that universal adversarial attacks can fool deep neural networks over a large set of input images with a single, human-invisible perturbation. However, current methods for universal adversarial attacks are based on additive perturbation, which causes misclassification when the perturbation is directly added to the input images. In this paper, for the first time, we show that a universal adversarial attack can also be achieved via non-additive perturbation (e.g., spatial transformation). More importantly, to unify both additive and non-additive perturbations, we propose a novel, unified yet flexible framework for universal adversarial attacks, called GUAP, which is able to initiate attacks by additive perturbation, non-additive perturbation, or a combination of both. Extensive experiments are conducted on the ImageNet dataset with several deep neural network models, including GoogLeNet, VGG and ResNet. The empirical results demonstrate that GUAP can obtain up to a 99.24% successful attack rate on the ImageNet dataset, an improvement of over 19% compared to current state-of-the-art universal adversarial attacks. The code for reproducing the experiments in this paper is available at https://github.com/TrustAI/GUAP.

Item Type: Conference or Workshop Item (Unspecified)
Uncontrolled Keywords: Deep Learning, Adversarial Examples, Security, Deep Neural Networks
Divisions: Faculty of Science and Engineering > School of Electrical Engineering, Electronics and Computer Science
Depositing User: Symplectic Admin
Date Deposited: 16 Aug 2021 14:33
Last Modified: 18 Jan 2023 21:33
DOI: 10.1109/ICDM50108.2020.00186
Open Access URL: https://arxiv.org/pdf/2010.07788.pdf
URI: https://livrepository.liverpool.ac.uk/id/eprint/3133703