Mask-guided noise restriction adversarial attacks for image classification. Issue 100 (January 2021)
- Record Type:
- Journal Article
- Title:
- Mask-guided noise restriction adversarial attacks for image classification. Issue 100 (January 2021)
- Main Title:
- Mask-guided noise restriction adversarial attacks for image classification
- Authors:
- Duan, Yexin
Zhou, Xingyu
Zou, Junhua
Qiu, Junyang
Zhang, Jin
Pan, Zhisong
- Abstract:
- Deep neural networks (DNNs) are vulnerable to adversarial examples, which are generated by adding small noises to the benign examples, but make a deep model output inaccurate predictions. The noises are often imperceptible to humans, but are more likely to be perceived for the images with plain backgrounds or increased noise size. To address this issue, we propose a mask-guided adversarial attack method to remove the noises of semantically irrelevant regions in the backgrounds and make the adversarial noises more imperceptible. In addition, we enhance the transferability of the adversarial examples by rotation input strategy. We first convert the image saliency maps produced by the salient object detection technique to binary masks, then we combine the proposed rotation input strategy with iterative attack method to generate stronger adversarial images, and use the binary masks to restrict the noises to the salient objects/regions at each iteration. Experimental results show that the noises of the resultant adversarial examples are far less visible than the vanilla global noise adversarial examples, and our best attack reaches an average success rate of 85.9% under the black-box attack setting, demonstrating the effectiveness of the proposed method.
- Is Part Of:
- Computers & security. Issue 100(2021)
- Journal:
- Computers & security
- Issue:
- Issue 100(2021)
- Issue Display:
- Volume 100, Issue 100 (2021)
- Year:
- 2021
- Volume:
- 100
- Issue:
- 100
- Issue Sort Value:
- 2021-0100-0100-0000
- Page Start:
- Page End:
- Publication Date:
- 2021-01
- Subjects:
- Deep neural network -- Noise restriction -- Adversarial example -- Transferability -- Adversarial attack
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2020.102111
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 15358.xml