Improving Visual Quality of Unrestricted Adversarial Examples with Wavelet-VAE
This addresses a threat to AI safety by enabling more realistic adversarial attacks, though it is incremental as it builds on existing VAE and wavelet methods.
The paper tackles the problem of generating unrestricted adversarial examples that are imperceptible to humans, using a wavelet-VAE structure to modify latent codes, resulting in high-quality adversarial examples on the ImageNet dataset.
Traditional adversarial examples are typically generated by adding perturbation noise to the input image within a small matrix norm. In practice, un-restricted adversarial attack has raised great concern and presented a new threat to the AI safety. In this paper, we propose a wavelet-VAE structure to reconstruct an input image and generate adversarial examples by modifying the latent code. Different from perturbation-based attack, the modifications of the proposed method are not limited but imperceptible to human eyes. Experiments show that our method can generate high quality adversarial examples on ImageNet dataset.