A Perceptual Distortion Reduction Framework: Towards Generating Adversarial Examples with High Perceptual Quality and Attack Success Rate
This work addresses the issue of visible artifacts in adversarial attacks for machine learning security, representing an incremental improvement in optimizing perceptual quality.
The paper tackles the problem of adversarial examples having large perceptual distortions at high attack strengths by proposing a framework that reduces unnecessary modifications through a perceptual distortion constraint and adaptive penalty factor, achieving improved perceptual quality and attack success rate as verified by extensive experiments.
Most of the adversarial attack methods suffer from large perceptual distortions such as visible artifacts, when the attack strength is relatively high. These perceptual distortions contain a certain portion which contributes less to the attack success rate. This portion of distortions, which is induced by unnecessary modifications and lack of proper perceptual distortion constraint, is the target of the proposed framework. In this paper, we propose a perceptual distortion reduction framework to tackle this problem from two perspectives. Firstly, we propose a perceptual distortion constraint and add it into the objective function to jointly optimize the perceptual distortions and attack success rate. Secondly, we propose an adaptive penalty factor $λ$ to balance the discrepancies between different samples. Since SGD and Momentum-SGD cannot optimize our complex non-convex problem, we exploit Adam in optimization. Extensive experiments have verified the superiority of our proposed framework.