DeepFool: a simple and accurate method to fool deep neural networks
This addresses the security and reliability of deep learning models for image classification, though it is incremental as it builds on existing adversarial attack research.
The paper tackles the problem of deep neural networks being vulnerable to small image perturbations by proposing DeepFool, an algorithm that efficiently computes such adversarial perturbations to quantify classifier robustness, with experimental results showing it outperforms recent methods.
State-of-the-art deep neural networks have achieved impressive results on many image classification tasks. However, these same architectures have been shown to be unstable to small, well sought, perturbations of the images. Despite the importance of this phenomenon, no effective methods have been proposed to accurately compute the robustness of state-of-the-art deep classifiers to such perturbations on large-scale datasets. In this paper, we fill this gap and propose the DeepFool algorithm to efficiently compute perturbations that fool deep networks, and thus reliably quantify the robustness of these classifiers. Extensive experimental results show that our approach outperforms recent methods in the task of computing adversarial perturbations and making classifiers more robust.