Analysis of classifiers’ robustness to adversarial perturbations

Fawzi, Alhussein; Fawzi, Omar; Frossard, Pascal

doi:10.1007/s10994-017-5663-3

Cited by 249 publications

(215 citation statements)

References 20 publications

Supporting

Mentioning

193

Contrasting

Order By: Relevance

“…Moosavi-Dezfooli et al [41] prove the existence of an image-agnostic adversarial perturbation. Fawzi et al [15] extend this to theoretically show that every classifier is vulnerable to adversarial attacks. Moosavi-Dezfooli et alfurther consider the effect of the curvature of the decision boundaries on the existence of adversarial examples in [43].…”

Section: A Related Workmentioning

confidence: 94%

Semantic Adversarial Attacks: Parametric Transformations That Fool Deep Classifiers

Joshi

Mukherjee

Sarkar

et al. 2019

2019 IEEE/CVF International Conference on Computer Vision (ICCV)

View full text Add to dashboard Cite

Deep neural networks have been shown to exhibit an intriguing vulnerability to adversarial input images corrupted with imperceptible perturbations. However, the majority of adversarial attacks assume global, fine-grained control over the image pixel space. In this paper, we consider a different setting: what happens if the adversary could only alter specific attributes of the input image? These would generate inputs that might be perceptibly different, but still natural-looking and enough to fool a classifier. We propose a novel approach to generate such "semantic" adversarial examples by optimizing a particular adversarial loss over the range-space of a parametric conditional generative model. We demonstrate implementations of our attacks on binary classifiers trained on face images, and show that such natural-looking semantic adversarial examples exist. We evaluate the effectiveness of our attack on synthetic and real data, and present detailed comparisons with existing attack methods. We supplement our empirical results with theoretical bounds that demonstrate the existence of such parametric adversarial examples.Outline: We begin with a review of relevant literature in Section 2. We describe our proposed framework, Semantic Adversarial Generation, in section 3. In Section 4 we describe two variants of our framework to show different methods of ensuring the semantic constraint. We provide empirical analysis of our work in Section 5. We further present

show abstract

Section: A Related Workmentioning

confidence: 94%

Semantic Adversarial Attacks: Parametric Transformations That Fool Deep Classifiers

Joshi

Mukherjee

Sarkar

et al. 2019

2019 IEEE/CVF International Conference on Computer Vision (ICCV)

View full text Add to dashboard Cite

show abstract

“…The robustness of image classifiers to structured and unstructured perturbations have recently attracted a lot of attention [19,16,20,3,4,12,13,14]. Despite the impressive performance of deep neural network architectures on challenging visual classification benchmarks [6,9,21,10], these classifiers were shown to be highly vulnerable to perturbations.…”

Section: Introductionmentioning

confidence: 99%

Universal Adversarial Perturbations

Moosavi-Dezfooli

Fawzi

et al. 2017

2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR)

Self Cite

2,227

1,976

View full text Add to dashboard Cite

Given a state-of-the-art deep neural network classifier, we show the existence of a universal (image-agnostic) and very small perturbation vector that causes natural images to be misclassified with high probability. We propose a systematic algorithm for computing universal perturbations, and show that state-of-the-art deep neural networks are highly vulnerable to such perturbations, albeit being quasiimperceptible to the human eye. We further empirically analyze these universal perturbations and show, in particular, that they generalize very well across neural networks. The surprising existence of universal perturbations reveals important geometric correlations among the high-dimensional decision boundary of classifiers. It further outlines potential security breaches with the existence of single directions in the input space that adversaries can possibly exploit to break a classifier on most natural images.

show abstract

“…However, this drop is compensated by a better accommodation to deviations of the inputs, as reported by the Mean Corruption Error (MCE) scores (see [28]). Such a trade-off between accuracy and robustness has been discussed in [29]. For this experiment, we fixed k to its maximum value, d = 200, α = 2 and we used 10-NN as a classifier when using the graph smoothness loss.…”

Section: Robustnessmentioning

confidence: 99%

Introducing Graph Smoothness Loss for Training Deep Learning Architectures

Bontonou¹,

Lassance²,

Hacene³

et al. 2019

2019 IEEE Data Science Workshop (DSW)

View full text Add to dashboard Cite

We introduce a novel loss function for training deep learning architectures to perform classification. It consists in minimizing the smoothness of label signals on similarity graphs built at the output of the architecture. Equivalently, it can be seen as maximizing the distances between the network function images of training inputs from distinct classes. As such, only distances between pairs of examples in distinct classes are taken into account in the process, and the training does not prevent inputs from the same class to be mapped to distant locations in the output domain. We show that this loss leads to similar performance in classification as architectures trained using the classical cross-entropy, while offering interesting degrees of freedom and properties. We also demonstrate the interest of the proposed loss to increase robustness of trained architectures to deviations of the inputs.

show abstract

Analysis of classifiers’ robustness to adversarial perturbations

Cited by 249 publications

References 20 publications

Semantic Adversarial Attacks: Parametric Transformations That Fool Deep Classifiers

Semantic Adversarial Attacks: Parametric Transformations That Fool Deep Classifiers

Universal Adversarial Perturbations

Introducing Graph Smoothness Loss for Training Deep Learning Architectures

Contact Info

Product

Resources

About