On Procedural Adversarial Noise Attack And Defense
This work addresses adversarial robustness in computer vision, but it is incremental as it builds on existing UAP methods with procedural noise.
The paper tackles the problem of generating universal adversarial perturbations (UAPs) for deep neural networks without requiring data or gradient information, using procedural noise functions like Simplex and Worley noise, and reports superior attack performance.
Deep Neural Networks (DNNs) are vulnerable to adversarial examples which would inveigle neural networks to make prediction errors with small perturbations on the input images. Researchers have been devoted to promoting the research on the universal adversarial perturbations (UAPs) which are gradient-free and have little prior knowledge on data distributions. Procedural adversarial noise attack is a data-free universal perturbation generation method. In this paper, we propose two universal adversarial perturbation (UAP) generation methods based on procedural noise functions: Simplex noise and Worley noise. In our framework, the shading which disturbs visual classification is generated with rendering technology. Without changing the semantic representations, the adversarial examples generated via our methods show superior performance on the attack.