DeepFool: a simple and accurate method to fool deep neural networks

被引:3143
作者
Moosavi-Dezfooli, Seyed-Mohsen [1 ]
Fawzi, Alhussein [1 ]
Frossard, Pascal [1 ]
机构
[1] Ecole Polytech Fed Lausanne, Lausanne, Switzerland
来源
2016 IEEE CONFERENCE ON COMPUTER VISION AND PATTERN RECOGNITION (CVPR) | 2016年
关键词
D O I
10.1109/CVPR.2016.282
中图分类号
TP18 [人工智能理论];
学科分类号
081104 ; 0812 ; 0835 ; 1405 ;
摘要
State-of-the-art deep neural networks have achieved impressive results on many image classification tasks. However, these same architectures have been shown to be unstable to small, well sought, perturbations of the images. Despite the importance of this phenomenon, no effective methods have been proposed to accurately compute the robustness of state-of-the-art deep classifiers to such perturbations on large-scale datasets. In this paper, we fill this gap and propose the DeepFool algorithm to efficiently compute perturbations that fool deep networks, and thus reliably quantify the robustness of these classifiers. Extensive experimental results show that our approach outperforms recent methods in the task of computing adversarial perturbations and making classifiers more robust.(1)
引用
收藏
页码:2574 / 2582
页数:9
相关论文
共 21 条
[1]  
Nguyen A, 2015, PROC CVPR IEEE, P427, DOI 10.1109/CVPR.2015.7298640
[2]  
[Anonymous], ARE DEEP LEARNING AL
[3]  
[Anonymous], ABS14125068 CORR
[4]  
[Anonymous], BRIT MACH VIS C BMVC
[5]  
[Anonymous], 2006, NONLINEAR OPTIMIZATI
[6]  
[Anonymous], ABS150202590 CORR
[7]  
[Anonymous], 2014, P INT C LEARN REPR I
[8]  
[Anonymous], 2014, PROC 2 INT C LEARN R
[9]  
Baldi P., 2014, P 5 ACM C BIOINF COM
[10]  
Goodfellow Ian J, 2015, INT C LEARN REPR ICL
123