Generating Natural Adversarial Hyperspectral examples with a modified Wasserstein GAN
This work addresses the challenge of creating adversarial examples without full model knowledge, which is incremental as it builds on existing GAN-based approaches for a specific domain.
The paper tackles the problem of generating natural adversarial examples for black-box classifiers by introducing a method based on Generative Adversarial Networks (GANs) that reweights the true data distribution, and demonstrates its proof of concept on a remote sensing dataset with hyperspectral signatures.
Adversarial examples are a hot topic due to their abilities to fool a classifier's prediction. There are two strategies to create such examples, one uses the attacked classifier's gradients, while the other only requires access to the clas-sifier's prediction. This is particularly appealing when the classifier is not full known (black box model). In this paper, we present a new method which is able to generate natural adversarial examples from the true data following the second paradigm. Based on Generative Adversarial Networks (GANs) [5], it reweights the true data empirical distribution to encourage the classifier to generate ad-versarial examples. We provide a proof of concept of our method by generating adversarial hyperspectral signatures on a remote sensing dataset.