Transferable Perturbations of Deep Feature Distributions

Nathan Inkawhich; Kevin Liang; Lawrence Carin; Yiran Chen

Transferable Perturbations of Deep Feature Distributions

Nathan Inkawhich, Kevin Liang, Lawrence Carin, Yiran Chen

Keywords: adversarial, adversarial attacks, imagenet, interpretability, perturbation, transfer learning

Abstract Paper Reviews Chat

Mon Session 3 (12:00-14:00 GMT) [Live QA] [Cal]

Mon Session 4 (17:00-19:00 GMT) [Live QA] [Cal]

Abstract: Almost all current adversarial attacks of CNN classifiers rely on information derived from the output layer of the network. This work presents a new adversarial attack based on the modeling and exploitation of class-wise and layer-wise deep feature distributions. We achieve state-of-the-art targeted blackbox transfer-based attack results for undefended ImageNet models. Further, we place a priority on explainability and interpretability of the attacking process. Our methodology affords an analysis of how adversarial attacks change the intermediate feature distributions of CNNs, as well as a measure of layer-wise and class-wise feature distributional separability/entanglement. We also conceptualize a transition from task/data-specific to model-specific features within a CNN architecture that directly impacts the transferability of adversarial examples.

Transferable Perturbations of Deep Feature Distributions

Nathan Inkawhich, Kevin Liang, Lawrence Carin, Yiran Chen

Similar Papers

Nesterov Accelerated Gradient and Scale Invariance for Adversarial Attacks

Jiadong Lin, Chuanbiao Song, Kun He, Liwei Wang, John E. Hopcroft,

Defending Against Physically Realizable Attacks on Image Classification

Tong Wu, Liang Tong, Yevgeniy Vorobeychik,

Black-Box Adversarial Attack with Transferable Model-based Embedding

Zhichao Huang, Tong Zhang,

Detecting and Diagnosing Adversarial Images with Class-Conditional Capsule Reconstructions

Yao Qin, Nicholas Frosst, Sara Sabour, Colin Raffel, Garrison Cottrell, Geoffrey Hinton,