A CycleGAN Adversarial Attack Method Based on Output Diversification Initialization. Issue 1 (June 2021)
- Record Type:
- Journal Article
- Title:
- A CycleGAN Adversarial Attack Method Based on Output Diversification Initialization. Issue 1 (June 2021)
- Main Title:
- A CycleGAN Adversarial Attack Method Based on Output Diversification Initialization
- Authors:
- Liu, Peiyuan
Sun, Lei
Mao, XiuQin
Dai, Leyu
Guo, Song
Yang, Yu - Abstract:
- Abstract: The powerful image generation capabilities of generative adversarial networks (GAN) bring great threats to applications related to images. Style transfer networks realize the style transform between image domains through which we can easily modify images like portraits and calligraphy. To eliminate the negative impact caused by the forged images, there emerged technical methods to detect forged images, which might trigger remedial actions afterwards but cannot prevent maliciously tampered content from spreading over network media. Therefore, some scholars put forward the idea of protecting images from hostile generative networks with adversarial attack. However, the initial random noise of adversarial perturbation cannot be effectively mapped to the output space. In order to improve the visual effect of adversarial attacks, this paper proposes an adversarial attack algorithm based on output diversification initialization (ODI) for CycleGAN. We firstly utilize output diversification initialization to find an effective starting point for the adversarial attack, and then we use Project Gradient Descent (PGD) to iteratively attack the style transfer network by modifying the adversarial loss function. Experimental results demonstrate that the introduction of ODI can effectively enlarge the distance between the adversarial output and the original output. It achieves better results in identifying the forged images generated by the targeted model, and does notAbstract: The powerful image generation capabilities of generative adversarial networks (GAN) bring great threats to applications related to images. Style transfer networks realize the style transform between image domains through which we can easily modify images like portraits and calligraphy. To eliminate the negative impact caused by the forged images, there emerged technical methods to detect forged images, which might trigger remedial actions afterwards but cannot prevent maliciously tampered content from spreading over network media. Therefore, some scholars put forward the idea of protecting images from hostile generative networks with adversarial attack. However, the initial random noise of adversarial perturbation cannot be effectively mapped to the output space. In order to improve the visual effect of adversarial attacks, this paper proposes an adversarial attack algorithm based on output diversification initialization (ODI) for CycleGAN. We firstly utilize output diversification initialization to find an effective starting point for the adversarial attack, and then we use Project Gradient Descent (PGD) to iteratively attack the style transfer network by modifying the adversarial loss function. Experimental results demonstrate that the introduction of ODI can effectively enlarge the distance between the adversarial output and the original output. It achieves better results in identifying the forged images generated by the targeted model, and does not significantly increase the disturbance, which can guarantee the normal use of original images. … (more)
- Is Part Of:
- Journal of physics. Volume 1948:Issue 1(2021)
- Journal:
- Journal of physics
- Issue:
- Volume 1948:Issue 1(2021)
- Issue Display:
- Volume 1948, Issue 1 (2021)
- Year:
- 2021
- Volume:
- 1948
- Issue:
- 1
- Issue Sort Value:
- 2021-1948-0001-0000
- Page Start:
- Page End:
- Publication Date:
- 2021-06
- Subjects:
- Physics -- Congresses
530.5 - Journal URLs:
- http://www.iop.org/EJ/journal/1742-6596 ↗
http://ioppublishing.org/ ↗ - DOI:
- 10.1088/1742-6596/1948/1/012041 ↗
- Languages:
- English
- ISSNs:
- 1742-6588
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 5036.223000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 17441.xml