AdvGAN++: Harnessing Latent Layers for Adversary Generation

Jandial, Surgan; Mangla, Puneet; Varshney, Sakshi; Balasubramanian, Vineeth N

doi:10.1109/iccvw.2019.00257

Cited by 56 publications

(23 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…GAN-based Adversarial Attack Methods. Researchers have investigated GAN-based structures to generate adversarial examples, such as [4], [56], [26], [59], [7]. For example, the authors in [59] train a GAN and an additional Inverter network AdvGAN [56], AdvGAN++ [26] Zhao et al [59], Carlini et al [7] Bounded Adversarial Examples Sharif et al [47] PS-GAN [31] Ours to generate full-size, fake images that are able to flip the predicted label or mount an untargeted attack.…”

Section: Related Work and Countermeasures A Related Workmentioning

confidence: 99%

“…Researchers have investigated GAN-based structures to generate adversarial examples, such as [4], [56], [26], [59], [7]. For example, the authors in [59] train a GAN and an additional Inverter network AdvGAN [56], AdvGAN++ [26] Zhao et al [59], Carlini et al [7] Bounded Adversarial Examples Sharif et al [47] PS-GAN [31] Ours to generate full-size, fake images that are able to flip the predicted label or mount an untargeted attack. Notably, these studies resemble the investigation of an adversarial example objective-input-dependent or noisy perturbation-based distortions added to an input covering the whole image to mount an untargeted attack.…”

Section: Related Work and Countermeasures A Related Workmentioning

confidence: 99%

See 1 more Smart Citation

TnT Attacks! Universal Naturalistic Adversarial Patches Against Deep Neural Network Systems

Doan¹,

Xue²,

Ma³

et al. 2021

Preprint

View full text Add to dashboard Cite

Section: Related Work and Countermeasures A Related Workmentioning

confidence: 99%

Section: Related Work and Countermeasures A Related Workmentioning

confidence: 99%

TnT Attacks! Universal Naturalistic Adversarial Patches Against Deep Neural Network Systems

Doan¹,

Xue²,

Ma³

et al. 2021

Preprint

View full text Add to dashboard Cite

“…The trained generator can generate target and no target adversarial examples in batch, which achieved a very high attack success rate. Puneet Mangla et al [16] improved the AdvGAN (a GAN which can generate adversarial examples called AdvGAN), and proposed AdvGAN++. The authors thought that when generated the adversarial example, the potential characteristics of the original examples should be full of use, and generated adversarial examples should also be close to the input distribution.…”

Section: Related Workmentioning

confidence: 99%

A Two-Stage Generative Adversarial Networks With Semantic Content Constraints for Adversarial Example Generation

et al. 2020

View full text Add to dashboard Cite

“…They also utilize GAN for learning the latent space but without any reference point and therefore have exhaustive search space. AdvGAN [37], AdvGAN++ [9], AT-GAN [36], Defense-GAN [25] and [33] are few works where latent space was learnt using GANs to carry out learning the distribution of the training set and generate adversarial examples accordingly. It is imperative to note here that these attacks are different from our work as we have utilized autoencoders in our work to ensure that the adversarial examples remain in a modified distribution where the input images' latent space are combined with target class (the one with second highest probability in prediction).…”

Section: Related Workmentioning

confidence: 99%

Generating Out of Distribution Adversarial Attack using Latent Space Poisoning

Upadhyay,

Mukherjee

2020

Preprint

View full text Add to dashboard Cite

Traditional adversarial attacks rely upon the perturbations generated by gradients from the network which are generally safeguarded by gradient guided search to provide an adversarial counterpart to the network. In this paper, we propose a novel mechanism of generating adversarial examples where the actual image is not corrupted rather its latent space representation is utilized to tamper the inherent structure of the image while maintaining the perceptual quality intact and to act as legitimate data samples. As opposed to gradient-based attacks, the latent space poisoning exploits the inclination of classifiers to model the independent and identical distribution of the training dataset and tricks it by producing out of distribution samples. We train a disentangled variational autoencoder (β-VAE) to model the data in latent space and then we add noise perturbations using a class-conditioned distribution function to the latent space under the constraint that it is misclassified to the target label. Our empirical results on MNIST, SVHN, and CelebA dataset validate that the generated adversarial examples can easily fool robust l 0 , l 2 , l ∞ norm classifiers designed using provably robust defense mechanisms. * Webpage: https://ujjwal-9.github.io/ Preprint. Under review.

show abstract

AdvGAN++: Harnessing Latent Layers for Adversary Generation

Cited by 56 publications

References 7 publications

TnT Attacks! Universal Naturalistic Adversarial Patches Against Deep Neural Network Systems

TnT Attacks! Universal Naturalistic Adversarial Patches Against Deep Neural Network Systems

A Two-Stage Generative Adversarial Networks With Semantic Content Constraints for Adversarial Example Generation

Generating Out of Distribution Adversarial Attack using Latent Space Poisoning

Contact Info

Product

Resources

About