Robust Synthesis of Adversarial Visual Examples Using a Deep Image Prior
This addresses the issue of fragile adversarial examples in computer vision, offering a method to enhance robustness for security testing, though it appears incremental by building on existing DIP techniques.
The paper tackles the problem of generating adversarial image examples that are robust to affine deformations by using a deep image prior (DIP) approach, resulting in perturbations that remain visually imperceptible and can be adapted to create local adversarial patches.
We present a novel method for generating robust adversarial image examples building upon the recent `deep image prior' (DIP) that exploits convolutional network architectures to enforce plausible texture in image synthesis. Adversarial images are commonly generated by perturbing images to introduce high frequency noise that induces image misclassification, but that is fragile to subsequent digital manipulation of the image. We show that using DIP to reconstruct an image under adversarial constraint induces perturbations that are more robust to affine deformation, whilst remaining visually imperceptible. Furthermore we show that our DIP approach can also be adapted to produce local adversarial patches (`adversarial stickers'). We demonstrate robust adversarial examples over a broad gamut of images and object classes drawn from the ImageNet dataset.