DAmageNet: A Universal Adversarial Dataset
This provides a benchmark for studying and improving DNN robustness, addressing the need for zero-query adversarial attacks, though it is incremental as it builds on existing transferability concepts.
The authors tackled the problem of adversarial attacks on deep neural networks by creating DAmageNet, a universal adversarial dataset with 96,020 transferable samples that cause up to 90% error rates in various models, using only a 3.8 average root mean squared deviation from original images.
It is now well known that deep neural networks (DNNs) are vulnerable to adversarial attack. Adversarial samples are similar to the clean ones, but are able to cheat the attacked DNN to produce incorrect predictions in high confidence. But most of the existing adversarial attacks have high success rate only when the information of the attacked DNN is well-known or could be estimated by massive queries. A promising way is to generate adversarial samples with high transferability. By this way, we generate 96020 transferable adversarial samples from original ones in ImageNet. The average difference, measured by root means squared deviation, is only around 3.8 on average. However, the adversarial samples are misclassified by various models with an error rate up to 90\%. Since the images are generated independently with the attacked DNNs, this is essentially zero-query adversarial attack. We call the dataset \emph{DAmageNet}, which is the first universal adversarial dataset that beats many models trained in ImageNet. By finding the drawbacks, DAmageNet could serve as a benchmark to study and improve robustness of DNNs. DAmageNet could be downloaded in http://www.pami.sjtu.edu.cn/Show/56/122.