ePrints@IIScePrints@IISc Home | About | Browse | Latest Additions | Advanced Search | Contact | Help

Fast feature fool: A data independent approach to universal adversarial perturbations

Mopuri, KR and Garg, U and Venkatesh Babu, R (2017) Fast feature fool: A data independent approach to universal adversarial perturbations. In: 28th British Machine Vision Conference, BMVC 2017, 4-7 September 2017, London; United Kingdom.

[img] PDF
BRI_MAC_VIS_CON_2017.pdf - Published Version
Restricted to Registered users only
Download (985kB) | Request a copy
Official URL: https://dx.doi.org/10.5244/C.31.30

Abstract

State-of-the-art object recognition Convolutional Neural Networks (CNNs) are shown to be fooled by image agnostic perturbations, called universal adversarial perturbations. It is also observed that these perturbations generalize across multiple networks trained on the same target data. However, these algorithms require training data on which the CNNs were trained and compute adversarial perturbations via complex optimization. The fooling performance of these approaches is directly proportional to the amount of available training data. This makes them unsuitable for practical attacks since its unreasonable for an attacker to have access to the training data. In this paper, for the first time, we propose a novel data independent approach to generate image agnostic perturbations for a range of CNNs trained for object recognition. We further show that these perturbations are transferable across multiple network architectures trained either on same or different data. In the absence of data, our method generates universal perturbations efficiently via fooling the features learned at multiple layers thereby causing CNNs to misclassify. Experiments demonstrate impressive fooling rates and surprising transferability for the proposed universal perturbations generated without any training data. © 2017. The copyright of this document resides with its authors.

Item Type: Conference Paper
Publication: British Machine Vision Conference 2017, BMVC 2017
Publisher: BMVA Press
Additional Information: cited By 12; Conference of 28th British Machine Vision Conference, BMVC 2017 ; Conference Date: 4 September 2017 Through 7 September 2017; Conference Code:151123
Keywords: Network architecture; Neural networks; Object recognition, Complex optimization; Convolutional neural network; Multiple layers; Multiple networks; State of the art; Training data, Computer vision
Department/Centre: Division of Interdisciplinary Sciences > Computational and Data Sciences
Date Deposited: 01 Jan 2021 11:26
Last Modified: 01 Jan 2021 11:26
URI: http://eprints.iisc.ac.in/id/eprint/65408

Actions (login required)

View Item View Item
Powered by EPrints A service from The J.R.D. Tata Memorial Library Indian Institute of Science, Bengaluru-560012, India