Multi-Task Adversarial Attack
This work addresses the efficiency and quality of adversarial attacks for multiple tasks, which is relevant for researchers and practitioners deploying or defending multi-task deep learning systems.
This paper introduces Multi-Task Adversarial Attack (MTA), a framework to generate adversarial examples for multiple deep neural network tasks simultaneously. MTA leverages shared knowledge through a generator with a shared encoder and task-specific decoders, which reduces storage cost and speeds up inference compared to single-task methods, while improving attack quality on Office-31 and NYUv2 datasets.
Deep neural networks have achieved impressive performance in various areas, but they are shown to be vulnerable to adversarial attacks. Previous works on adversarial attacks mainly focused on the single-task setting. However, in real applications, it is often desirable to attack several models for different tasks simultaneously. To this end, we propose Multi-Task adversarial Attack (MTA), a unified framework that can craft adversarial examples for multiple tasks efficiently by leveraging shared knowledge among tasks, which helps enable large-scale applications of adversarial attacks on real-world systems. More specifically, MTA uses a generator for adversarial perturbations which consists of a shared encoder for all tasks and multiple task-specific decoders. Thanks to the shared encoder, MTA reduces the storage cost and speeds up the inference when attacking multiple tasks simultaneously. Moreover, the proposed framework can be used to generate per-instance and universal perturbations for targeted and non-targeted attacks. Experimental results on the Office-31 and NYUv2 datasets demonstrate that MTA can improve the quality of attacks when compared with its single-task counterpart.