Minimizing Perceived Image Quality Loss Through Adversarial Attack Scoping
This work addresses safety concerns in security-critical applications like robotics and autonomous vehicles by providing more efficient adversarial attack methods, though it appears incremental as it builds on existing attack concepts.
The paper tackled the problem of adversarial attacks in computer vision by developing simplified algorithms based on a scoping idea, resulting in fast attacks that minimize structural image quality loss and enable efficient transfer attacks with low target inference network calls, including a pen-drawing attack on MNIST.
Neural networks are now actively being used for computer vision tasks in security critical areas such as robotics, face recognition, autonomous vehicles yet their safety is under question after the discovery of adversarial attacks. In this paper we develop simplified adversarial attack algorithms based on a scoping idea, which enables execution of fast adversarial attacks that minimize structural image quality (SSIM) loss, allows performing efficient transfer attacks with low target inference network call count and opens a possibility of an attack using pen-only drawings on a paper for the MNIST handwritten digit dataset. The presented adversarial attack analysis and the idea of attack scoping can be easily expanded to different datasets, thus making the paper's results applicable to a wide range of practical tasks.