A Theoretically Grounded Extension of Universal Attacks from the Attacker's Viewpoint

Jordan Frecon; Paul Viallard; Emilie Morvant; Gilles Gasso; Amaury Habrard; Stephane Canu

A Theoretically Grounded Extension of Universal Attacks from the Attacker's Viewpoint

Jordan Frecon, Paul Viallard, Emilie Morvant, Gilles Gasso, Amaury Habrard, Stephane Canu

22 Sept 2023 (modified: 25 Mar 2024)ICLR 2024 Conference Withdrawn SubmissionEveryoneRevisionsBibTeX

Keywords: adversarial attack, universal perturbation, generalization bound

Abstract: This paper extends universal attacks by jointly learning a set of perturbations to choose from in order to maximize the chance to attack deep neural network models. In addition, we embrace the attacker's perspective and introduce a theoretical bound quantifying how much the universal perturbations are able to fool a given model on unseen examples. An extension to assert the transferability of universal attacks is also provided. To learn such perturbations, we devise an algorithmic solution with convergence guarantees under Lipschitz continuity assumptions. We also demonstrate how it can improve the performance of state-of-the-art gradient-based universal perturbation. In practice, these novel universal perturbations result in more interpretable, diverse, and transferable attacks, as evidenced by our experiments.

Supplementary Material: zip

Primary Area: general machine learning (i.e., none of the above)

Code Of Ethics: I acknowledge that I and all co-authors of this work have read and commit to adhering to the ICLR Code of Ethics.

Submission Guidelines: I certify that this submission complies with the submission instructions as described on https://iclr.cc/Conferences/2024/AuthorGuide.

Anonymous Url: I certify that there is no URL (e.g., github page) that could be used to find authors' identity.

No Acknowledgement Section: I certify that there is no acknowledgement section in this submission for double blind review.

Submission Number: 5539

Loading