Abstract
Recent studies have shown that state-of-the-art deep learning models are vulnerable to inputs with small perturbations (adversarial examples). We observe two critical obstacles in adversarial examples: (i) Strong adversarial attacks require manually tuning hyper-parameters, so constructing a single adversarial example takes longer, making it impractical to attack real-time systems; (ii) Most of the studies focus on non-sequential tasks, such as image classification and object detection. Only a few consider sequential tasks. Despite extensive research studies, the cause of adversarial examples remains an open problem, especially on sequential tasks. We propose an adaptive adversarial attack, called AdaptiveAttack, to speed up the process of generating adversarial examples. To validate its effectiveness, we leverage the scene text detection task as a case study of sequential adversarial examples. We further visualize the generated adversarial examples to analyze the cause of sequential adversarial examples. AdaptiveAttack achieved a success rate of over 99.9% with a 3-6 times speedup compared to state-of-the-art adversarial attacks.
URL
https://arxiv.org/abs/1807.03326