ADef: an Iterative Algorithm to Construct Adversarial Deformations

Rima Alaifari; Giovanni S. Alberti; Tandri Gauksson

ADef: an Iterative Algorithm to Construct Adversarial Deformations

Rima Alaifari, Giovanni S. Alberti, Tandri Gauksson

Published: 21 Dec 2018, Last Modified: 21 Apr 2024ICLR 2019 Conference Blind SubmissionReaders: Everyone

Abstract: While deep neural networks have proven to be a powerful tool for many recognition and classification tasks, their stability properties are still not well understood. In the past, image classifiers have been shown to be vulnerable to so-called adversarial attacks, which are created by additively perturbing the correctly classified image. In this paper, we propose the ADef algorithm to construct a different kind of adversarial attack created by iteratively applying small deformations to the image, found through a gradient descent step. We demonstrate our results on MNIST with convolutional neural networks and on ImageNet with Inception-v3 and ResNet-101.

Keywords: Adversarial examples, deformations, deep neural networks, computer vision

TL;DR: We propose a new, efficient algorithm to construct adversarial examples by means of deformations, rather than additive perturbations.

Code: [![Papers with Code](/images/pwc_icon.svg) 2 community implementations](https://paperswithcode.com/paper/?openreview=Hk4dFjR5K7)

Community Implementations: [![CatalyzeX](/images/catalyzex_icon.svg) 3 code implementations](https://www.catalyzex.com/paper/arxiv:1804.07729/code)

12 Replies

Loading