Skip to Main content Skip to Navigation
Preprints, Working Papers, ...

Walking on the Edge: Fast, Low-Distortion Adversarial Examples

Hanwei Zhang 1 Yannis Avrithis 1 Teddy Furon 1 Laurent Amsaleg 1
1 LinkMedia - Creating and exploiting explicit links between multimedia fragments
IRISA-D6 - MEDIA ET INTERACTIONS, Inria Rennes – Bretagne Atlantique
Abstract : Adversarial examples of deep neural networks are receiving ever increasing attention because they help in understanding and reducing the sensitivity to their input. This is natural given the increasing applications of deep neural networks in our everyday lives. When white-box attacks are almost always successful, it is typically only the distortion of the perturbations that matters in their evaluation. In this work, we argue that speed is important as well, especially when considering that fast attacks are required by adversarial training. Given more time, iterative methods can always find better solutions. We investigate this speed-distortion trade-off in some depth and introduce a new attack called boundary projection (BP) that improves upon existing methods by a large margin. Our key idea is that the classification boundary is a manifold in the image space: we therefore quickly reach the boundary and then optimize distortion on this manifold.
Document type :
Preprints, Working Papers, ...
Complete list of metadata

https://hal.inria.fr/hal-02404216
Contributor : Hanwei Zhang Connect in order to contact the contributor
Submitted on : Wednesday, December 11, 2019 - 11:10:06 AM
Last modification on : Tuesday, October 19, 2021 - 11:04:40 AM

Links full text

Identifiers

  • HAL Id : hal-02404216, version 1
  • ARXIV : 1912.02153

Citation

Hanwei Zhang, Yannis Avrithis, Teddy Furon, Laurent Amsaleg. Walking on the Edge: Fast, Low-Distortion Adversarial Examples. 2019. ⟨hal-02404216⟩

Share

Metrics

Record views

114