Perceptual-Sensitive GAN for Generating Adversarial Patches

Authors

  • Aishan Liu Beihang University
  • Xianglong Liu Beihang University
  • Jiaxin Fan Beihang University
  • Yuqing Ma Beihang University
  • Anlan Zhang Beihang University
  • Huiyuan Xie University of Cambridge
  • Dacheng Tao University of Sydney

DOI:

https://doi.org/10.1609/aaai.v33i01.33011028

Abstract

Deep neural networks (DNNs) are vulnerable to adversarial examples where inputs with imperceptible perturbations mislead DNNs to incorrect results. Recently, adversarial patch, with noise confined to a small and localized patch, emerged for its easy accessibility in real-world. However, existing attack strategies are still far from generating visually natural patches with strong attacking ability, since they often ignore the perceptual sensitivity of the attacked network to the adversarial patch, including both the correlations with the image context and the visual attention. To address this problem, this paper proposes a perceptual-sensitive generative adversarial network (PS-GAN) that can simultaneously enhance the visual fidelity and the attacking ability for the adversarial patch. To improve the visual fidelity, we treat the patch generation as a patch-to-patch translation via an adversarial process, feeding any types of seed patch and outputting the similar adversarial patch with high perceptual correlation with the attacked image. To further enhance the attacking ability, an attention mechanism coupled with adversarial generation is introduced to predict the critical attacking areas for placing the patches, which can help producing more realistic and aggressive patches. Extensive experiments under semi-whitebox and black-box settings on two large-scale datasets GTSRB and ImageNet demonstrate that the proposed PS-GAN outperforms state-of-the-art adversarial patch attack methods.

Downloads

Published

2019-07-17

How to Cite

Liu, A., Liu, X., Fan, J., Ma, Y., Zhang, A., Xie, H., & Tao, D. (2019). Perceptual-Sensitive GAN for Generating Adversarial Patches. Proceedings of the AAAI Conference on Artificial Intelligence, 33(01), 1028-1035. https://doi.org/10.1609/aaai.v33i01.33011028

Issue

Section

AAAI Technical Track: Applications