Sigma-UAP: An Invisible Semi-Universal Adversarial Attack Against Deep Neural Networks
Authors: Feiyang Qin, Wenqi Na, Song Gao, Shaowen Yao
Published in: 2023 International Conference on Pattern Recognition, Machine Vision and Intelligent Algorithms (PRMVIA), 2023-03-01
DOI: 10.1109/prmvia58252.2023.00012 (https://doi.org/10.1109/prmvia58252.2023.00012)
Although deep neural networks (DNNs) have achieved exceptional performance, they have been shown to be fragile to universal adversarial perturbations (UAP), which can be applied to any image to fool a well-trained DNN. Several methods have been proposed to design universal perturbations. However, these methods often leave visible traces in natural images. In this paper, we propose Sigma-UAP, a semi-universal adversarial attack, to enhance the quasi-imperceptibility of universal adversarial perturbations. The Sigma-map algorithm is leveraged to hide perturbations by identifying the low-frequency region of the image and eliminating the perturbations in that region. Then, we use a simple matrix calculation to augment the perturbation in the high-frequency region to ensure the attack effectiveness of the perturbation. Extensive empirical experiments show that, compared with state-of-the-art universal adversarial attacks, the Sigma-UAP method performs excellently in both visual effect and attack success rate.