Universal Adversarial Perturbations Through the Lens of Deep Steganography: Towards a Fourier Perspective
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Zhang, Chaoning | ko |
| dc.contributor.author | Benz, Philipp | ko |
| dc.contributor.author | Karjauv, Adil | ko |
| dc.contributor.author | Kweon, In So | ko |
| dc.date.accessioned | 2021-10-27T05:30:16Z | - |
| dc.date.available | 2021-10-27T05:30:16Z | - |
| dc.date.created | 2021-10-27 | - |
| dc.date.created | 2021-10-27 | - |
| dc.date.issued | 2021-02 | - |
| dc.identifier.citation | 35th AAAI Conference on Artificial Intelligence / 33rd Conference on Innovative Applications of Artificial Intelligence / 11th Symposium on Educational Advances in Artificial Intelligence, pp.3296 - 3304 | - |
| dc.identifier.issn | 2159-5399 | - |
| dc.identifier.uri | http://hdl.handle.net/10203/288342 | - |
| dc.description.abstract | The booming interest in adversarial attacks stems from a misalignment between human vision and a deep neural network ( DNN), i.e. a human imperceptible perturbation fools the DNN. Moreover, a single perturbation, often called universal adversarial perturbation (UAP), can be generated to fool the DNN for most images. A similar misalignment phenomenon has also been observed in the deep steganography task, where a decoder network can retrieve a secret image back from a slightly perturbed cover image. We attempt explaining the success of both in a unified manner from the Fourier perspective. We perform task-specific and joint analysis and reveal that (a) frequency is a key factor that influences their performance based on the proposed entropy metric for quantifying the frequency distribution; (b) their success can be attributed to a DNN being highly sensitive to high-frequency content. We also perform feature layer analysis for providing deep insight on model generalization and robustness. Additionally, we propose two new variants of universal perturbations: (1) high-pass UAP (HP-UAP) being less visible to the human eye; (2) Universal Secret Adversarial Perturbation (USAP) that simultaneously achieves attack and hiding. | - |
| dc.language | English | - |
| dc.publisher | ASSOC ADVANCEMENT ARTIFICIAL INTELLIGENCE | - |
| dc.title | Universal Adversarial Perturbations Through the Lens of Deep Steganography: Towards a Fourier Perspective | - |
| dc.type | Conference | - |
| dc.identifier.wosid | 000680423503045 | - |
| dc.identifier.scopusid | 2-s2.0-85129983459 | - |
| dc.type.rims | CONF | - |
| dc.citation.beginningpage | 3296 | - |
| dc.citation.endingpage | 3304 | - |
| dc.citation.publicationname | 35th AAAI Conference on Artificial Intelligence / 33rd Conference on Innovative Applications of Artificial Intelligence / 11th Symposium on Educational Advances in Artificial Intelligence | - |
| dc.identifier.conferencecountry | US | - |
| dc.identifier.conferencelocation | ELECTR NETWORK | - |
| dc.contributor.localauthor | Kweon, In So | - |
| dc.contributor.nonIdAuthor | Zhang, Chaoning | - |
| dc.contributor.nonIdAuthor | Benz, Philipp | - |
| dc.contributor.nonIdAuthor | Karjauv, Adil | - |
- Appears in Collection
- EE-Conference Papers(학술회의논문)
- Files in This Item
- There are no files associated with this item.
This item is cited by other documents in WoS
| ⊙ Detail Information in WoSⓡ | Click to see |  |
| ⊙ Cited 17 items in WoS | Click to see citing articles in |  |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.