Smooth adversarial examples

IF 2.5 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS EURASIP Journal on Information Security Pub Date : 2020-11-17 DOI:10.1186/s13635-020-00112-z
Hanwei Zhang, Yannis Avrithis, Teddy Furon, Laurent Amsaleg
{"title":"Smooth adversarial examples","authors":"Hanwei Zhang, Yannis Avrithis, Teddy Furon, Laurent Amsaleg","doi":"10.1186/s13635-020-00112-z","DOIUrl":null,"url":null,"abstract":"This paper investigates the visual quality of the adversarial examples. Recent papers propose to smooth the perturbations to get rid of high frequency artifacts. In this work, smoothing has a different meaning as it perceptually shapes the perturbation according to the visual content of the image to be attacked. The perturbation becomes locally smooth on the flat areas of the input image, but it may be noisy on its textured areas and sharp across its edges.This operation relies on Laplacian smoothing, well-known in graph signal processing, which we integrate in the attack pipeline. We benchmark several attacks with and without smoothing under a white box scenario and evaluate their transferability. Despite the additional constraint of smoothness, our attack has the same probability of success at lower distortion.","PeriodicalId":46070,"journal":{"name":"EURASIP Journal on Information Security","volume":null,"pages":null},"PeriodicalIF":2.5000,"publicationDate":"2020-11-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"EURASIP Journal on Information Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1186/s13635-020-00112-z","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

This paper investigates the visual quality of the adversarial examples. Recent papers propose to smooth the perturbations to get rid of high frequency artifacts. In this work, smoothing has a different meaning as it perceptually shapes the perturbation according to the visual content of the image to be attacked. The perturbation becomes locally smooth on the flat areas of the input image, but it may be noisy on its textured areas and sharp across its edges.This operation relies on Laplacian smoothing, well-known in graph signal processing, which we integrate in the attack pipeline. We benchmark several attacks with and without smoothing under a white box scenario and evaluate their transferability. Despite the additional constraint of smoothness, our attack has the same probability of success at lower distortion.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
流畅的对抗性例子
本文研究了对抗性示例的视觉质量。最近的一些论文提出对扰动进行平滑以去除高频伪影。在这项工作中,平滑具有不同的含义,因为它根据要攻击的图像的视觉内容感知地塑造扰动。扰动在输入图像的平坦区域局部变得平滑,但在其纹理区域可能是噪声的,在其边缘可能是尖锐的。该操作依赖于在图信号处理中众所周知的拉普拉斯平滑,我们将其集成到攻击管道中。我们在白盒场景下测试了几种有平滑和没有平滑的攻击,并评估了它们的可移植性。尽管有额外的平滑性约束,我们的攻击在较低失真下具有相同的成功概率。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
EURASIP Journal on Information Security
EURASIP Journal on Information Security COMPUTER SCIENCE, INFORMATION SYSTEMS-
CiteScore
8.80
自引率
0.00%
发文量
6
审稿时长
13 weeks
期刊介绍: The overall goal of the EURASIP Journal on Information Security, sponsored by the European Association for Signal Processing (EURASIP), is to bring together researchers and practitioners dealing with the general field of information security, with a particular emphasis on the use of signal processing tools in adversarial environments. As such, it addresses all works whereby security is achieved through a combination of techniques from cryptography, computer security, machine learning and multimedia signal processing. Application domains lie, for example, in secure storage, retrieval and tracking of multimedia data, secure outsourcing of computations, forgery detection of multimedia data, or secure use of biometrics. The journal also welcomes survey papers that give the reader a gentle introduction to one of the topics covered as well as papers that report large-scale experimental evaluations of existing techniques. Pure cryptographic papers are outside the scope of the journal. Topics relevant to the journal include, but are not limited to: • Multimedia security primitives (such digital watermarking, perceptual hashing, multimedia authentictaion) • Steganography and Steganalysis • Fingerprinting and traitor tracing • Joint signal processing and encryption, signal processing in the encrypted domain, applied cryptography • Biometrics (fusion, multimodal biometrics, protocols, security issues) • Digital forensics • Multimedia signal processing approaches tailored towards adversarial environments • Machine learning in adversarial environments • Digital Rights Management • Network security (such as physical layer security, intrusion detection) • Hardware security, Physical Unclonable Functions • Privacy-Enhancing Technologies for multimedia data • Private data analysis, security in outsourced computations, cloud privacy
期刊最新文献
Access control for trusted data sharing DQ-NN and phantom routing for enhanced source location privacy for IoT under multiple source and destination Trajectory-aware privacy-preserving method with local differential privacy in crowdsourcing Enhancing internet of things security using entropy-informed RF-DNA fingerprint learning from Gabor-based images Cover-source mismatch in steganalysis: systematic review
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1