Neural networks are prone to adversarial attacks. In general, such attacks deteriorate the quality of the input either by slightly modifying most of its pixels or by occluding it with a patch. In this paper, we propose a method that keeps the image unchanged and only adds an adversarial framing on the border of the image. We show empirically that our method is able to successfully attack state-of-the-art methods on both image and video classification problems. Notably, the proposed method results in a universal attack which is very fast at test time. Source code can be found at https://github.com/zajaczajac/adv_framing.