Imperceptible and Reliable Adversarial Attack

  • Conference paper
Frontiers in Cyber Security (FCS 2021)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1558)


Abstract

Deep neural networks are vulnerable to adversarial examples, which can fool classifiers by adding small perturbations. Various adversarial attack methods have been proposed in the past several years, and most of them add the perturbation in a “sparse” or “global” way. Since the number of pixels perturbed by the “sparse” method and the perturbation intensity of each pixel added by the “global” method are both small, the adversarial property can be destroyed easily. As a result, the adversarial attack and the adversarial training based on these samples become unreliable. To address this issue, we present a “pixel-wise” method, which lies somewhere between the “sparse” and “global” ways. First, the human eye perceives errors differently in different image regions. Second, image processing methods have different effects on different areas of the image. Based on these two considerations, we propose an imperceptible and reliable adversarial attack method, which projects the perturbation onto different areas differently. Extensive experiments demonstrate that our method can preserve the attack ability while maintaining good visual quality. More importantly, the proposed projection can be combined with existing attack methods to yield a stronger generation algorithm that improves the robustness of adversarial examples. Based on the proposed method, the reliability of adversarial attacks can be greatly improved.

Copyright information

© 2022 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Zhang, J., Wang, J., Luo, X., Ma, B., Xiong, N. (2022). Imperceptible and Reliable Adversarial Attack. In: Cao, C., Zhang, Y., Hong, Y., Wang, D. (eds) Frontiers in Cyber Security. FCS 2021. Communications in Computer and Information Science, vol 1558. Springer, Singapore. https://doi.org/10.1007/978-981-19-0523-0_4

  • DOI: https://doi.org/10.1007/978-981-19-0523-0_4

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-19-0522-3

  • Online ISBN: 978-981-19-0523-0

  • eBook Packages: Computer Science (R0)
