Adversarial Evasion Attacks on Computer Vision using SHAP Values
This addresses security vulnerabilities in computer vision systems, but it is incremental as it builds on existing attack methods.
The paper tackles the problem of adversarial evasion attacks on computer vision models by introducing a white-box attack using SHAP values, resulting in more robust misclassifications compared to the Fast Gradient Sign Method, especially in gradient hiding scenarios.
The paper introduces a white-box attack on computer vision models using SHAP values. It demonstrates how adversarial evasion attacks can compromise the performance of deep learning models by reducing output confidence or inducing misclassifications. Such attacks are particularly insidious as they can deceive the perception of an algorithm while eluding human perception due to their imperceptibility to the human eye. The proposed attack leverages SHAP values to quantify the significance of individual inputs to the output at the inference stage. A comparison is drawn between the SHAP attack and the well-known Fast Gradient Sign Method. We find evidence that SHAP attacks are more robust in generating misclassifications particularly in gradient hiding scenarios.