Corpus ID: 231918657

Universal Adversarial Perturbations Through the Lens of Deep Steganography: Towards A Fourier Perspective

@article{Zhang2021UniversalAP,
  title={Universal Adversarial Perturbations Through the Lens of Deep Steganography: Towards A Fourier Perspective},
  author={Chaoning Zhang and Philipp Benz and Adil Karjauv and In So Kweon},
  journal={ArXiv},
  year={2021},
  volume={abs/2102.06479}
}
The booming interest in adversarial attacks stems from a misalignment between human vision and a deep neural network (DNN), i.e., a perturbation imperceptible to humans fools the DNN. Moreover, a single perturbation, often called a universal adversarial perturbation (UAP), can be generated to fool the DNN for most images. A similar misalignment phenomenon has also been observed in the deep steganography task, where a decoder network can retrieve a secret image from a slightly perturbed cover…
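In practice, a UAP is a single noise tensor, constrained to a small L-infinity budget, that is optimized once and then added to every input. Below is a minimal gradient-ascent sketch of crafting such a perturbation in PyTorch; this is a simple stochastic-gradient variant rather than the paper's exact recipe, and the input size, epsilon budget, and Adam optimizer are illustrative assumptions:

```python
import itertools
import torch

def craft_uap(model, loader, eps=10/255, lr=0.01, steps=500):
    """Optimize one perturbation that raises the loss on most images."""
    model.eval()
    for p in model.parameters():
        p.requires_grad_(False)                 # only the perturbation is trained
    uap = torch.zeros(3, 224, 224, requires_grad=True)  # shared across all images
    opt = torch.optim.Adam([uap], lr=lr)
    loss_fn = torch.nn.CrossEntropyLoss()
    for x, y in itertools.islice(itertools.cycle(loader), steps):
        x_adv = (x + uap.clamp(-eps, eps)).clamp(0.0, 1.0)  # budget + valid pixels
        loss = -loss_fn(model(x_adv), y)        # ascend the classification loss
        opt.zero_grad()
        loss.backward()
        opt.step()
    return uap.detach().clamp(-eps, eps)
```

The same `uap` tensor is then added to arbitrary test images, which is what distinguishes a universal perturbation from an image-specific one.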
Citations

Data-free Universal Adversarial Perturbation and Black-box Attack
TLDR
This work proposes to exploit artificial Jigsaw images as training samples, demonstrating competitive performance, and investigates the possibility of exploiting the UAP for a data-free black-box attack, which is arguably the most practical yet challenging threat model.
Adversarial Robustness Comparison of Vision Transformer and MLP-Mixer to CNNs
TLDR
Overall, it is found that the two architectures, especially ViT, are more robust than their CNN counterparts, and frequency analysis suggests that the most robust ViT architectures tend to rely more on low-frequency features than CNNs do.
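Several of these follow-up studies, including the one above, probe robustness with a Fourier decomposition of the input. A minimal sketch of the standard low-/high-frequency split on a grayscale image (the circular mask and the radius of 16 are illustrative choices, not the study's exact setup):

```python
import numpy as np

def frequency_split(img, radius=16):
    """Split a 2-D grayscale image into low- and high-frequency parts."""
    f = np.fft.fftshift(np.fft.fft2(img))       # spectrum with DC at the center
    h, w = img.shape
    yy, xx = np.ogrid[:h, :w]
    mask = (yy - h / 2) ** 2 + (xx - w / 2) ** 2 <= radius ** 2  # low-pass disk
    low = np.fft.ifft2(np.fft.ifftshift(f * mask)).real
    high = np.fft.ifft2(np.fft.ifftshift(f * ~mask)).real
    return low, high
```

Feeding only `low` or only `high` back to a classifier indicates which frequency band its predictions rely on.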
Invertible Image Dataset Protection
TLDR
A reversible adversarial example generator (RAEG) is developed that introduces slight changes to images to fool traditional classification models and, with only slight distortion, protects the data against adversarial defenses better than previous methods.
Universal Adversarial Training with Class-Wise Perturbations
TLDR
This work improves the SOTA UAT by proposing to utilize class-wise UAPs during adversarial training, which leads to superior performance in both clean accuracy and adversarial robustness against universal attacks.
Robustness May Be at Odds with Fairness: An Empirical Study on Class-wise Accuracy
TLDR
An empirical study of the class-wise accuracy and robustness of adversarially trained models, which finds the phenomenon of inter-class discrepancy to be universal across other classification benchmark datasets and other seminal model architectures with various optimization hyper-parameters.
Towards Robust Deep Hiding Under Non-Differentiable Distortions for Practical Blind Watermarking
TLDR
This work explores the robustness gain from the attack simulation layer (ASL) from a new perspective by disentangling its forward and backward propagation, and finds that the main influential component is the forward propagation rather than the backward propagation.
Reversible Adversarial Attack based on Reversible Image Transformation
TLDR
This paper takes advantage of the reversible image transformation technique to generate reversible adversarial examples (RAEs) and achieve a reversible adversarial attack.
Investigating Top-k White-Box and Transferable Black-box Attack
TLDR
This work proposes a new normalized CE loss that guides the logit to be updated in the direction of implicitly maximizing its rank distance from the ground-truth class, and identifies that the weakness of the commonly used losses lies in prioritizing the speed of fooling the network over maximizing the attack's strength.
A Brief Survey on Deep Learning Based Data Hiding, Steganography and Watermarking
TLDR
A brief yet comprehensive review of the existing literature on deep learning based data hiding (deep hiding) is conducted, classifying it according to three essential properties (i.e., capacity, security, and robustness) and outlining three commonly used architectures.
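The deep hiding systems covered by such surveys typically pair an encoder, which embeds a secret image into a cover image as a small residual, with a decoder that retrieves the secret from the resulting container. A minimal sketch of this encoder-decoder pattern (the layer widths and depths are illustrative, not any specific surveyed architecture):

```python
import torch
import torch.nn as nn

class DeepHiding(nn.Module):
    """Toy cover/secret hiding pipeline: encode a residual, decode the secret."""

    def __init__(self):
        super().__init__()
        # The encoder sees cover and secret stacked along the channel axis.
        self.encoder = nn.Sequential(
            nn.Conv2d(6, 32, 3, padding=1), nn.ReLU(),
            nn.Conv2d(32, 3, 3, padding=1),
        )
        self.decoder = nn.Sequential(
            nn.Conv2d(3, 32, 3, padding=1), nn.ReLU(),
            nn.Conv2d(32, 3, 3, padding=1),
        )

    def forward(self, cover, secret):
        residual = self.encoder(torch.cat([cover, secret], dim=1))
        container = (cover + residual).clamp(0.0, 1.0)  # should resemble the cover
        recovered = self.decoder(container)             # secret retrieved back
        return container, recovered
```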
A Survey On Universal Adversarial Attack
TLDR
This survey summarizes recent progress on universal adversarial attacks, discussing the challenges from both the attack and defense sides, as well as the reasons for the existence of UAPs.
