ePrints@IIScePrints@IISc Home | About | Browse | Latest Additions | Advanced Search | Contact | Help

Ask, acquire, and attack: data-free UAP generation using class impressions

Mopuri, KR and Uppala, PK and Babu, RV (2018) Ask, acquire, and attack: data-free UAP generation using class impressions. In: 15th European Conference on Computer Vision, ECCV 2018, 8 - 14 September 2018, Munich, pp. 20-35.

Full text not available from this repository.
Official URL: https://doi.org/10.1007/978-3-030-01240-3_2

Abstract

Deep learning models are susceptible to input specific noise, called adversarial perturbations. Moreover, there exist input-agnostic noise, called Universal Adversarial Perturbations (UAP) that can affect inference of the models over most input samples. Given a model, there exist broadly two approaches to craft UAPs: (i) data-driven: that require data, and (ii) data-free: that do not require data samples. Data-driven approaches require actual samples from the underlying data distribution and craft UAPs with high success (fooling) rate. However, data-free approaches craft UAPs without utilizing any data samples and therefore result in lesser success rates. In this paper, for data-free scenarios, we propose a novel approach that emulates the effect of data samples with class impressions in order to craft UAPs using data-driven objectives. Class impression for a given pair of category and model is a generic representation (in the input space) of the samples belonging to that category. Further, we present a neural network based generative model that utilizes the acquired class impressions to learn crafting UAPs. Experimental evaluation demonstrates that the learned generative model, (i) readily crafts UAPs via simple feed-forwarding through neural network layers, and (ii) achieves state-of-the-art success rates for data-free scenario and closer to that for data-driven setting without actually utilizing any data samples.

Item Type: Conference Paper
Publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Publisher: Springer Verlag
Additional Information: The copyright for this article belongs to the Authors.
Keywords: Computer vision; Deep learning, Adversarial attacks; Class impressions; Data-free attacks; Image-agnostic perturbations; Ml systems, Network layers
Department/Centre: Division of Interdisciplinary Sciences > Computational and Data Sciences
Date Deposited: 02 Sep 2022 05:42
Last Modified: 02 Sep 2022 05:42
URI: https://eprints.iisc.ac.in/id/eprint/76360

Actions (login required)

View Item View Item
Powered by EPrints A service from The J.R.D. Tata Memorial Library Indian Institute of Science, Bengaluru-560012, India