Current browse context:
cs.CV
Change to browse by:
References & Citations
Computer Science > Machine Learning
Title: HRFA: High-Resolution Feature-based Attack
(Submitted on 21 Jan 2020 (v1), last revised 22 Oct 2020 (this version, v2))
Abstract: Adversarial attacks have long been developed for revealing the vulnerability of Deep Neural Networks (DNNs) by adding imperceptible perturbations to the input. Most methods generate perturbations like normal noise, which is not interpretable and without semantic meaning. In this paper, we propose High-Resolution Feature-based Attack (HRFA), yielding authentic adversarial examples with up to $1024 \times 1024$ resolution. HRFA exerts attack by modifying the latent feature representation of the image, i.e., the gradients back propagate not only through the victim DNN, but also through the generative model that maps the feature space to the image space. In this way, HRFA generates adversarial examples that are in high-resolution, realistic, noise-free, and hence is able to evade several denoising-based defenses. In the experiment, the effectiveness of HRFA is validated by attacking the object classification and face verification tasks with BigGAN and StyleGAN, respectively. The advantages of HRFA are verified from the high quality, high authenticity, and high attack success rate faced with defenses.
Submission history
From: Sizhe Chen [view email][v1] Tue, 21 Jan 2020 16:21:20 GMT (3895kb,D)
[v2] Thu, 22 Oct 2020 13:08:04 GMT (6178kb,D)
Link back to: arXiv, form interface, contact.