Adversarial attacks have focused only on changing the predictions of the classifier, but their danger depends greatly on how the class is mistaken. For example, when an automatic driving system mistakes a Persian cat for a Siamese cat, it is hardly a problem. However, if it mistakes a cat for a 120 km/h minimum speed sign, serious problems can arise. As a stepping stone to more threatening adversarial attacks, we consider the superclass adversarial attack, which causes misclassification of not only fine classes, but also superclasses. We conducted the first comprehensive analysis of superclass adversarial attacks (one existing method and 19 new methods) in terms of accuracy, speed, and stability, and identified several strategies to achieve better performance. Although this study is aimed at superclass misclassification, the findings can be applied to other problem settings involving multiple classes, such as top-k and multi-label classification attacks.