Superclass Adversarial Attack
This work addresses a critical safety issue in AI systems, such as autonomous driving, by focusing on more threatening misclassifications, though it is incremental as it builds on existing adversarial attack frameworks.
The paper tackles the problem of adversarial attacks that cause misclassification not only of fine-grained classes but also of superclasses, which is more dangerous than typical attacks. It conducted the first comprehensive analysis of 20 methods (including existing and new ones) in terms of accuracy, speed, and stability, identifying strategies for better performance.
Adversarial attacks have only focused on changing the predictions of the classifier, but their danger greatly depends on how the class is mistaken. For example, when an automatic driving system mistakes a Persian cat for a Siamese cat, it is hardly a problem. However, if it mistakes a cat for a 120km/h minimum speed sign, serious problems can arise. As a stepping stone to more threatening adversarial attacks, we consider the superclass adversarial attack, which causes misclassification of not only fine classes, but also superclasses. We conducted the first comprehensive analysis of superclass adversarial attacks (an existing and 19 new methods) in terms of accuracy, speed, and stability, and identified several strategies to achieve better performance. Although this study is aimed at superclass misclassification, the findings can be applied to other problem settings involving multiple classes, such as top-k and multi-label classification attacks.