EdgeFool: An Adversarial Image Enhancement Filter
This work addresses the challenge of creating stealthier adversarial attacks for image classification systems, though it appears incremental as it builds on prior adversarial methods.
The authors tackled the problem of adversarial examples being easily detectable or noticeable by proposing EdgeFool, a filter that generates structure-aware perturbations to enhance image details while misleading classifiers, achieving competitive results compared to six existing methods on datasets like ImageNet and Private-Places365.
Adversarial examples are intentionally perturbed images that mislead classifiers. These images can, however, be easily detected using denoising algorithms, when high-frequency spatial perturbations are used, or can be noticed by humans, when perturbations are large. In this paper, we propose EdgeFool, an adversarial image enhancement filter that learns structure-aware adversarial perturbations. EdgeFool generates adversarial images with perturbations that enhance image details via training a fully convolutional neural network end-to-end with a multi-task loss function. This loss function accounts for both image detail enhancement and class misleading objectives. We evaluate EdgeFool on three classifiers (ResNet-50, ResNet-18 and AlexNet) using two datasets (ImageNet and Private-Places365) and compare it with six adversarial methods (DeepFool, SparseFool, Carlini-Wagner, SemanticAdv, Non-targeted and Private Fast Gradient Sign Methods). Code is available at https://github.com/smartcameras/EdgeFool.git.