Universal Adversarial Perturbations Through the Lens of Deep Steganography: Towards a Fourier Perspective

Cited 17 time in webofscience Cited 0 time in scopus
  • Hit : 114
  • Download : 0
DC FieldValueLanguage
dc.contributor.authorZhang, Chaoningko
dc.contributor.authorBenz, Philippko
dc.contributor.authorKarjauv, Adilko
dc.contributor.authorKweon, In Soko
dc.date.accessioned2021-10-27T05:30:16Z-
dc.date.available2021-10-27T05:30:16Z-
dc.date.created2021-10-27-
dc.date.created2021-10-27-
dc.date.issued2021-02-
dc.identifier.citation35th AAAI Conference on Artificial Intelligence / 33rd Conference on Innovative Applications of Artificial Intelligence / 11th Symposium on Educational Advances in Artificial Intelligence, pp.3296 - 3304-
dc.identifier.issn2159-5399-
dc.identifier.urihttp://hdl.handle.net/10203/288342-
dc.description.abstractThe booming interest in adversarial attacks stems from a misalignment between human vision and a deep neural network ( DNN), i.e. a human imperceptible perturbation fools the DNN. Moreover, a single perturbation, often called universal adversarial perturbation (UAP), can be generated to fool the DNN for most images. A similar misalignment phenomenon has also been observed in the deep steganography task, where a decoder network can retrieve a secret image back from a slightly perturbed cover image. We attempt explaining the success of both in a unified manner from the Fourier perspective. We perform task-specific and joint analysis and reveal that (a) frequency is a key factor that influences their performance based on the proposed entropy metric for quantifying the frequency distribution; (b) their success can be attributed to a DNN being highly sensitive to high-frequency content. We also perform feature layer analysis for providing deep insight on model generalization and robustness. Additionally, we propose two new variants of universal perturbations: (1) high-pass UAP (HP-UAP) being less visible to the human eye; (2) Universal Secret Adversarial Perturbation (USAP) that simultaneously achieves attack and hiding.-
dc.languageEnglish-
dc.publisherASSOC ADVANCEMENT ARTIFICIAL INTELLIGENCE-
dc.titleUniversal Adversarial Perturbations Through the Lens of Deep Steganography: Towards a Fourier Perspective-
dc.typeConference-
dc.identifier.wosid000680423503045-
dc.identifier.scopusid2-s2.0-85129983459-
dc.type.rimsCONF-
dc.citation.beginningpage3296-
dc.citation.endingpage3304-
dc.citation.publicationname35th AAAI Conference on Artificial Intelligence / 33rd Conference on Innovative Applications of Artificial Intelligence / 11th Symposium on Educational Advances in Artificial Intelligence-
dc.identifier.conferencecountryUS-
dc.identifier.conferencelocationELECTR NETWORK-
dc.contributor.localauthorKweon, In So-
dc.contributor.nonIdAuthorZhang, Chaoning-
dc.contributor.nonIdAuthorBenz, Philipp-
dc.contributor.nonIdAuthorKarjauv, Adil-
Appears in Collection
EE-Conference Papers(학술회의논문)
Files in This Item
There are no files associated with this item.
This item is cited by other documents in WoS
⊙ Detail Information in WoSⓡ Click to see webofscience_button
⊙ Cited 17 items in WoS Click to see citing articles in records_button

qr_code

  • mendeley

    citeulike


rss_1.0 rss_2.0 atom_1.0