AdvHaze: Adversarial Haze Attack
This work addresses the need for non-noise-based adversarial attacks to evaluate and improve the robustness of deep neural networks, though it is incremental in expanding attack types.
The paper tackles the problem of adversarial attacks on neural networks by introducing a novel haze-based method that synthesizes realistic adversarial haze into images, achieving a high success rate and better transferability across models than baseline noise-based attacks.
In recent years, adversarial attacks have drawn more attention for their value on evaluating and improving the robustness of machine learning models, especially, neural network models. However, previous attack methods have mainly focused on applying some $l^p$ norm-bounded noise perturbations. In this paper, we instead introduce a novel adversarial attack method based on haze, which is a common phenomenon in real-world scenery. Our method can synthesize potentially adversarial haze into an image based on the atmospheric scattering model with high realisticity and mislead classifiers to predict an incorrect class. We launch experiments on two popular datasets, i.e., ImageNet and NIPS~2017. We demonstrate that the proposed method achieves a high success rate, and holds better transferability across different classification models than the baselines. We also visualize the correlation matrices, which inspire us to jointly apply different perturbations to improve the success rate of the attack. We hope this work can boost the development of non-noise-based adversarial attacks and help evaluate and improve the robustness of DNNs.