Semantic adversarial attacks: Parametric transformations that fool deep classifiers

Ameya Joshi, Amitangshu Mukherjee, Soumik Sarkar, Chinmay Hegde

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    Abstract

    Deep neural networks have been shown to exhibit an intriguing vulnerability to adversarial input images corrupted with imperceptible perturbations. However, the majority of adversarial attacks assume global, fine-grained control over the image pixel space. In this paper, we consider a different setting: What happens if the adversary could only alter specific attributes of the input image? These would generate inputs that might be perceptibly different, but still natural-looking and enough to fool a classifier. We propose a novel approach to generate such "semantic" adversarial examples by optimizing a particular adversarial loss over the range-space of a parametric conditional generative model. We demonstrate implementations of our attacks on binary classifiers trained on face images, and show that such natural-looking semantic adversarial examples exist. We evaluate the effectiveness of our attack on synthetic and real data, and present detailed comparisons with existing attack methods. We supplement our empirical results with theoretical bounds that demonstrate the existence of such parametric adversarial examples.

    Original language: English (US)
    Title of host publication: Proceedings - 2019 International Conference on Computer Vision, ICCV 2019
    Publisher: Institute of Electrical and Electronics Engineers Inc.
    Pages: 4772-4782
    Number of pages: 11
    ISBN (Electronic): 9781728148038
    State: Published - Oct 2019
    Event: 17th IEEE/CVF International Conference on Computer Vision, ICCV 2019 - Seoul, Korea, Republic of
    Duration: Oct 27 2019 → Nov 2 2019

    Publication series

    Name: Proceedings of the IEEE International Conference on Computer Vision
    Volume: 2019-October
    ISSN (Print): 1550-5499

    Conference

    Conference: 17th IEEE/CVF International Conference on Computer Vision, ICCV 2019
    Country/Territory: Korea, Republic of
    City: Seoul
    Period: 10/27/19 → 11/2/19

    ASJC Scopus subject areas

    • Software
    • Computer Vision and Pattern Recognition
