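Computer science
Adversarial system
Generalization
Constraint (computer-aided design)
Set (abstract data type)
Similarity (geometry)
Visualization
Artificial intelligence
Semantics (computer science)
Machine learning
Feature (linguistics)
Vulnerability (computing)
Limit (mathematics)
Pattern recognition (psychology)
Image (mathematics)
Mathematics
Mathematical analysis
Linguistics
Philosophy
Geometry
Programming language
Computer security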
Authors
Cheng Luo, Qinliang Lin, Weicheng Xie, Bizhu Wu, Jinheng Xie, Linlin Shen
Identifier
DOI:10.1109/cvpr52688.2022.01488
Abstract
Current adversarial attack research reveals the vulnerability of learning-based classifiers against carefully crafted perturbations. However, most existing attack methods have inherent limitations in cross-dataset generalization as they rely on a classification layer with a closed set of categories. Furthermore, the perturbations generated by these methods may appear in regions easily perceptible to the human visual system (HVS). To circumvent the former problem, we propose a novel algorithm that attacks semantic similarity on feature representations. In this way, we are able to fool classifiers without limiting attacks to a specific dataset. For imperceptibility, we introduce the low-frequency constraint to limit perturbations within high-frequency components, ensuring perceptual similarity between adversarial examples and originals. Extensive experiments on three datasets (CIFAR-10, CIFAR-100, and ImageNet-1K) and three public online platforms indicate that our attack can yield misleading and transferable adversarial examples across architectures and datasets. Additionally, visualization results and quantitative performance (in terms of four different metrics) show that the proposed algorithm generates more imperceptible perturbations than the state-of-the-art methods. Code is made available at https://github.com/LinQinLiang/SSAH-adversarial-attack.