AdvGAN++ : Harnessing latent layers for adversary generation
This work addresses the challenge of creating more effective and realistic adversarial attacks for neural networks, which is an incremental improvement over existing methods.
The paper tackled the problem of generating adversarial examples by using latent features as priors instead of input images, resulting in AdvGAN++ achieving higher attack rates and generating perceptually realistic images on MNIST and CIFAR-10 datasets.
Adversarial examples are fabricated examples, indistinguishable from the original image that mislead neural networks and drastically lower their performance. Recently proposed AdvGAN, a GAN based approach, takes input image as a prior for generating adversaries to target a model. In this work, we show how latent features can serve as better priors than input images for adversary generation by proposing AdvGAN++, a version of AdvGAN that achieves higher attack rates than AdvGAN and at the same time generates perceptually realistic images on MNIST and CIFAR-10 datasets.