Smooth adversarial examples - Inria - Institut national de recherche en sciences et technologies du numérique Accéder directement au contenu
Article Dans Une Revue EURASIP Journal on Information Security Année : 2020

Smooth adversarial examples

Résumé

This paper investigates the visual quality of the adversarial examples. Recent papers propose to smooth the perturbations to get rid of high frequency artifacts. In this work, smoothing has a different meaning as it perceptually shapes the perturbation according to the visual content of the image to be attacked. The perturbation becomes locally smooth on the flat areas of the input image, but it may be noisy on its textured areas and sharp across its edges. This operation relies on Laplacian smoothing, well-known in graph signal processing, which we integrate in the attack pipeline. We benchmark several attacks with and without smoothing under a white box scenario and evaluate their transferability. Despite the additional constraint of smoothness, our attack has the same probability of success at lower distortion.
Fichier principal
Vignette du fichier
smooth.pdf (2.51 Mo) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)

Dates et versions

hal-03017171 , version 1 (08-12-2020)

Identifiants

Citer

Hanwei Zhang, Yannis Avrithis, Teddy Furon, Laurent Amsaleg. Smooth adversarial examples. EURASIP Journal on Information Security, 2020, 2020 (1), ⟨10.1186/s13635-020-00112-z⟩. ⟨hal-03017171⟩
104 Consultations
97 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More