Universal adversarial perturbations generative network

Recently, adversarial attack against Deep Neural Networks (DNN) have drawn very keen interest of researchers. Existence of universal adversarial perturbations could empower the cases where could not generate the image-dependent adversarial examples, which are known to be very successful on image classification. Previous work are mainly optimization-based, which take a long time to search perturbations, and the obtained adversarial examples are not so real and can be easily defensed. Moreover the researches on universal adversarial perturbation against vision-language systems are few. In our work, we novelly construct a GenerAtive Network for Universal Adversarial Perturbations, dubbed as UAP-GAN, to study the robustness of image classification and captioning systems, based on convolutional neural networks and plus recurrent neural networks, respectively. Specifically, our proposed UAP-GAN improves the framework of GAN to compute universal adversarial perturbations, with the input of a fixed random noise. Comparing to existing methods, our UAP-GAN method has four main characteristics: fast generation, high attack success rate, close to natural image, yet difficult to defense. In addition, our proposed model could produce image-agnostic perturbations for targeted and non-targeted attacks, according to the selected scene. In the end, our comprehensive experiments on MSCOCO and ImageNet, demonstrate the clear superiority to the existing work, and also prove that our UAP-GAN architecture could effectively fool the image captioning and classification models with splendid results, yet avoid the redesign of framework for different tasks.