AT-GAN: An Adversarial Generative Model for Non-constrained Adversarial Examples

Xiaosen Wang; Kun He; Chuanbiao Song; Liwei Wang; John E. Hopcroft

AT-GAN: An Adversarial Generative Model for Non-constrained Adversarial Examples

Xiaosen Wang, Kun He, Chuanbiao Song, Liwei Wang, John E. Hopcroft

28 Sept 2020 (modified: 05 May 2023)ICLR 2021 Conference Blind SubmissionReaders: Everyone

Keywords: adversarial examples, adversarial attack, generation-based attack, adversarial generative model, non-constrained adversarial examples

Abstract: With the rapid development of adversarial machine learning, numerous adversarial attack methods have been proposed. Typical attacks are based on a search in the neighborhood of input image to generate a perturbed adversarial example. Since 2017, generative models are adopted for adversarial attacks, and most of them focus on generating adversarial perturbations from input noise or input image. Thus the output is restricted by input for these works. A recent work targets unrestricted adversarial example using generative model but their method is based on a search in the neighborhood of input noise, so actually their output is still constrained by input. In this work, we propose AT-GAN (Adversarial Transfer on Generative Adversarial Net) to train an adversarial generative model that can directly produce adversarial examples. Different from previous works, we aim to learn the distribution of adversarial examples so as to generate semantically meaningful adversaries. AT-GAN achieves this goal by first learning a generative model for real data, followed by transfer learning to obtain the desired generative model. Once trained and transferred, AT-GAN could generate adversarial examples directly and quickly for any input noise, denoted as non-constrained adversarial examples. Extensive experiments and visualizations show that AT-GAN can efficiently generate diverse adversarial examples that are realistic to human perception, and yields higher attack success rates against adversarially trained models.

One-sentence Summary: We propose to train an adversarial generative model called AT-GAN that aims to learn the distribution of adversarial examples, and can directly produce adversarial examples once trained.

Code Of Ethics: I acknowledge that I and all co-authors of this work have read and commit to adhering to the ICLR Code of Ethics

Supplementary Material: zip

Reviewed Version (pdf): https://openreview.net/references/pdf?id=2GnmjM7e8v

9 Replies

Loading