Abstract
Neural networks are now actively being used for computer vision tasks in security critical areas such as robotics, face recognition, autonomous vehicles yet their safety is under question after the discovery of adversarial attacks. In this paper we develop simplified adversarial attack algorithms based on a scoping idea, which enables execution of fast adversarial attacks that minimize structural image quality (SSIM) loss, allows performing efficient transfer attacks with low target inference network call count and opens a possibility of an attack using pen-only drawings on a paper for the MNIST handwritten digit dataset. The presented adversarial attack analysis and the idea of attack scoping can be easily expanded to different datasets, thus making the paper's results applicable to a wide range of practical tasks.
Abstract (translated)
神经网络目前正积极地被用于安全关键领域的计算机视觉任务,如机器人、人脸识别、自动车辆,但在发现对抗性攻击后,它们的安全性受到质疑。在本文中,我们基于范围界定的思想,开发了简化的对抗攻击算法,该算法能够执行快速的对抗攻击,使结构图像质量(ssim)损失最小化,允许在低目标推理网络调用计数的情况下执行有效的转移攻击,并打开了使用仅笔绘制的用于mnist手写数字数据集的纸张。本文提出的对抗性攻击分析和攻击范围界定的思想可以很容易地扩展到不同的数据集,从而使本文的结果适用于广泛的实际任务。
URL
https://arxiv.org/abs/1904.10390
