Affiliation:
1. School of Cyber Science and Engineering, Zhengzhou University, Zhengzhou 450000, China
2. Department of Computer Science and Engineering, Shanghai Jiaotong University, Shanghai 200240, China
Abstract
Deep neural networks-based image classification systems could suffer from adversarial attack algorithms, which generate input examples by adding deliberately crafted yet imperceptible noise to original inputs. To reduce the impact on human visual sense and to ensure adversarial attack ability, the input image needs to be modified by pixels in considerable iterations which is time consuming. By using sparse mapping network to map the input into a higher dimensional space, searching space of adversarial perturbation distribution is enlarged to better acquire perturbation information. Taking both searching speed and searching effectiveness into consideration, sparsity limitation is introduced to suppress unnecessary neurons during parameter updating process. Based on different eye sensitivity of different colors, maps of each color channel are disturbed by perturbations with different strengths to reduce visual perception. Numerical experiments confirm that compared with the state-of-the-art adversarial attack algorithms, the proposed SparseAdv performs a relatively high attack ability, better imperceptible visualization, and faster generation speed.
Funder
Collaborative Innovation Major Project of Zhengzhou
Subject
Electrical and Electronic Engineering,Instrumentation,Control and Systems Engineering
Reference35 articles.
1. A survey of image classification methods and techniques for improving classification performance
2. ImageNet classification with deep convolutional neural networks;A. Krizhevsky;Advances in Neural Information Processing Systems,2012
3. Delving deep into rectifiers: surpassing human-level performance on ImageNet classification;K. He
4. Convolutional Neural Networks for Speech Recognition
5. Object Detection With Deep Learning: A Review