CV | Feb 28, 2023

Adversarial Attack with Raindrops

arXiv:2302.14267v2 | 24 citations | h-index: 38
Originality: Incremental advance
AI Analysis

This work addresses the problem of DNN robustness against natural adversarial phenomena for AI safety and reliability, though it is incremental as it applies existing GAN techniques to a specific domain.

The paper tackles the vulnerability of deep neural networks (DNNs) to adversarial examples by studying natural raindrops as attackers, presenting AdvRD, a GAN-based method to generate adversarial raindrop images that are visually and statistically similar to real ones and can strongly attack state-of-the-art DNN models, while adversarial training with these images significantly improves robustness to real-world raindrop attacks.

Deep neural networks (DNNs) are known to be vulnerable to adversarial examples, which are usually designed artificially to fool DNNs, but rarely exist in real-world scenarios. In this paper, we study the adversarial examples caused by raindrops, to demonstrate that there exist plenty of natural phenomena that are able to work as adversarial attackers against DNNs. Moreover, we present a new approach to generate adversarial raindrops, denoted as AdvRD, using the generative adversarial network (GAN) technique to simulate natural raindrops. The images crafted by our AdvRD look very similar to real-world raindrop images, are statistically close to the distribution of true raindrop images, and, more importantly, can perform strong adversarial attacks on state-of-the-art DNN models. On the other hand, we show that adversarial training using our AdvRD images can significantly improve the robustness of DNNs to real-world raindrop attacks. Extensive experiments are carried out to demonstrate that the images crafted by AdvRD are visually and statistically close to natural raindrop images, can work as strong attackers against DNN models, and also help improve the robustness of DNNs to raindrop attacks.
