Universal adversarial perturbations

被引：1340

作者：

Moosavi-Dezfooli, Seyed-Mohsen ^{[1
]}

Fawzi, Alhussein ^{[1
]}

Fawzi, Omar ^{[2
]}

Frossard, Pascal ^{[1
]}

机构：

[1] Ecole Polytech Fed Lausanne, Lausanne, Switzerland

[2] Univ Lyon, ENS Lyon, CNRS, UCBL,INRIA,LIP,UMR 5668, Lyon, France

来源：

30TH IEEE CONFERENCE ON COMPUTER VISION AND PATTERN RECOGNITION (CVPR 2017) | 2017年

关键词：

D O I：

10.1109/CVPR.2017.17

中图分类号：

TP18 [人工智能理论];

学科分类号：

081104 ; 0812 ; 0835 ; 1405 ;

摘要：

Given a state-of-the-art deep neural network classifier, we show the existence of a universal (image-agnostic) and very small perturbation vector that causes natural images to be misclassified with high probability. We propose a systematic algorithm for computing universal perturbations, and show that state-of-the-art deep neural networks are highly vulnerable to such perturbations, albeit being quasi-imperceptible to the human eye. We further empirically analyze these universal perturbations and show, in particular, that they generalize very well across neural networks. The surprising existence of universal perturbations reveals important geometric correlations among the high-dimensional decision boundary of classifiers. It further outlines potential security breaches with the existence of single directions in the input space that adversaries can possibly exploit to break a classifier on most natural images.(1)

引用

页码：86 / 94

页数：9

共 22 条

[1] Nguyen A, 2015, PROC CVPR IEEE, P427, DOI 10.1109/CVPR.2015.7298640
[2] [Anonymous], 2016, 4 INT C LEARNING REP
[3] [Anonymous], 2015, ARXIV PREPRINT ARXIV
[4] [Anonymous], NEURAL INFORM PROCES
[5] [Anonymous], IEEE C COMP VIS PATT
[6] [Anonymous], 2014, P BRIT MACH VIS C 20
[7] [Anonymous], NEURAL INFORM PROCES
[8] [Anonymous], 2016, IEEE INT JOINT C NEU
[9] [Anonymous], 2016, IEEE C COMP VIS PATT
[10] [Anonymous], 2016, FINE GRAINED RECOGNI

← 1 2 3 →