TY - GEN
T1 - Semantic adversarial attacks
T2 - 17th IEEE/CVF International Conference on Computer Vision, ICCV 2019
AU - Joshi, Ameya
AU - Mukherjee, Amitangshu
AU - Sarkar, Soumik
AU - Hegde, Chinmay
N1 - Funding Information:
This work was supported in part by NSF grants CCF-1750920, CNS-1845969, DARPA AIRA grant PA-18-02-02, AFOSR YIP Grant FA9550-17-1-0220, an ERP grant from ISU, a GPU gift grant from NVIDIA corp., and faculty fellowships from the Black and Veatch Foundation.
Publisher Copyright:
© 2019 IEEE.
PY - 2019/10
Y1 - 2019/10
N2 - Deep neural networks have been shown to exhibit an intriguing vulnerability to adversarial input images corrupted with imperceptible perturbations. However, the majority of adversarial attacks assume global, fine-grained control over the image pixel space. In this paper, we consider a different setting: What happens if the adversary could only alter specific attributes of the input image? These would generate inputs that might be perceptibly different, but still natural-looking and enough to fool a classifier. We propose a novel approach to generate such "semantic" adversarial examples by optimizing a particular adversarial loss over the range-space of a parametric conditional generative model. We demonstrate implementations of our attacks on binary classifiers trained on face images, and show that such natural-looking semantic adversarial examples exist. We evaluate the effectiveness of our attack on synthetic and real data, and present detailed comparisons with existing attack methods. We supplement our empirical results with theoretical bounds that demonstrate the existence of such parametric adversarial examples.
AB - Deep neural networks have been shown to exhibit an intriguing vulnerability to adversarial input images corrupted with imperceptible perturbations. However, the majority of adversarial attacks assume global, fine-grained control over the image pixel space. In this paper, we consider a different setting: What happens if the adversary could only alter specific attributes of the input image? These would generate inputs that might be perceptibly different, but still natural-looking and enough to fool a classifier. We propose a novel approach to generate such "semantic" adversarial examples by optimizing a particular adversarial loss over the range-space of a parametric conditional generative model. We demonstrate implementations of our attacks on binary classifiers trained on face images, and show that such natural-looking semantic adversarial examples exist. We evaluate the effectiveness of our attack on synthetic and real data, and present detailed comparisons with existing attack methods. We supplement our empirical results with theoretical bounds that demonstrate the existence of such parametric adversarial examples.
UR - http://www.scopus.com/inward/record.url?scp=85081938755&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85081938755&partnerID=8YFLogxK
U2 - 10.1109/ICCV.2019.00487
DO - 10.1109/ICCV.2019.00487
M3 - Conference contribution
AN - SCOPUS:85081938755
T3 - Proceedings of the IEEE International Conference on Computer Vision
SP - 4772
EP - 4782
BT - Proceedings - 2019 International Conference on Computer Vision, ICCV 2019
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 27 October 2019 through 2 November 2019
ER -