Despite extensive research into adversarial attacks, we do not know how adversarial attacks affect image pixels. Knowing how image pixels are affected by adversarial attacks has the potential to lead us to better adversarial defenses. Motivated by instances that we find where strong attacks do not transfer, we delve into adversarial examples at pixel level to scrutinize how adversarial attacks affect image pixel values. We consider several ImageNet architectures, InceptionV3, VGG19 and ResNet50, as well as several strong attacks. We find that attacks can have different effects at pixel level depending on classifier architecture. In particular, input pre-processing plays a previously overlooked role in the effect that attacks have on pixels. Based on the insights of pixel-level examination, we find new ways to detect some of the strongest current attacks.
翻译:尽管对对抗性攻击进行了广泛的研究,但我们不知道对抗性攻击如何影响图像像素。 了解对抗性攻击对图像像素的影响有可能使我们获得更好的对抗性防御。 受我们发现的强攻不转移的例子的驱使,我们研究了像素层面的对抗性攻击如何影响图像像素价值。 我们考虑了几个图像网络架构, InceptionV3、 VGG19和ResNet50, 以及一些强攻。 我们发现,根据分类结构,攻击在像素层面可以产生不同的效果。 特别是,投入的前处理在攻击对像素的影响方面,在以前被忽视的作用。 基于像素层面的考察,我们找到了新的方法来探测一些最强的当前攻击。
相关内容
- Today (iOS and OS X): widgets for the Today view of Notification Center
- Share (iOS and OS X): post content to web services or share content with others
- Actions (iOS and OS X): app extensions to view or manipulate inside another app
- Photo Editing (iOS): edit a photo or video in Apple's Photos app with extensions from a third-party apps
- Finder Sync (OS X): remote file storage in the Finder with support for Finder content annotation
- Storage Provider (iOS): an interface between files inside an app and other apps on a user's device
- Custom Keyboard (iOS): system-wide alternative keyboards
Source: iOS 8 Extensions: Apple’s Plan for a Powerful App Ecosystem
微信扫码咨询专知VIP会员