Undetectable Adversarial Examples Based on Microscopical Regularization

2021 (modified: 09 Nov 2022), ICME 2021. Readers: Everyone
Abstract: Recent works have demonstrated that neural networks are vulnerable to adversarial examples. Although existing methods have achieved satisfactory attack success rates, most adversarial examples can be detected by statistical analysis and further removed. In previous methods, adversarial perturbations are added using adversarial loss and distance metrics, in which the positions of modified pixels are not considered. In this paper, we elaborate a microscopical regularization that introduces adversarial perturbations onto rich texture regions. The microscopical regularization is used to evaluate pixel-level differences between a normal image and its adversarial version. We further propose a novel optimization strategy of modification probability matrices to minimize the loss function that satisfies the restriction of $L_\infty$. Through extensive experiments, we show that our method can resist statistical analysis by a large margin and achieve better visual quality than others. The proposed microscopical regularization can also be combined with existing approaches to enhance the undetectability and robustness.