Robust Synthesis of Adversarial Visual Examples Using a Deep Image Prior
Thomas Gittings (University of Surrey), Steve Schneider (University of Surrey), John Collomosse (University of Surrey) AbstractWe present a novel method for generating robust adversarial image examples building upon the recent `deep image prior' (DIP) that exploits convolutional network architectures to enforce plausible texture in image synthesis. Adversarial images are commonly generated by perturbing images to introduce high frequency noise that induces image misclassification, but that is fragile to subsequent digital manipulation of the image. We show that using DIP to reconstruct an image under adversarial constraint induces perturbations that are more robust to affine deformation, whilst remaining visually imperceptible. Furthermore we show that our DIP approach can also be adapted to produce local adversarial patches (`adversarial stickers'). We demonstrate robust adversarial examples over a broad gamut of images and object classes drawn from the ImageNet dataset.
DOI
10.5244/C.33.26
https://dx.doi.org/10.5244/C.33.26
Files
Paper (PDF)BibTeX
@inproceedings{BMVC2019,
title={Robust Synthesis of Adversarial Visual Examples Using a Deep Image Prior},
author={Thomas Gittings and Steve Schneider and John Collomosse},
year={2019},
month={September},
pages={26.1--26.12},
articleno={26},
numpages={12},
booktitle={Proceedings of the British Machine Vision Conference (BMVC)},
publisher={BMVA Press},
editor={Kirill Sidorov and Yulia Hicks},
doi={10.5244/C.33.26},
url={https://dx.doi.org/10.5244/C.33.26}
}
title={Robust Synthesis of Adversarial Visual Examples Using a Deep Image Prior},
author={Thomas Gittings and Steve Schneider and John Collomosse},
year={2019},
month={September},
pages={26.1--26.12},
articleno={26},
numpages={12},
booktitle={Proceedings of the British Machine Vision Conference (BMVC)},
publisher={BMVA Press},
editor={Kirill Sidorov and Yulia Hicks},
doi={10.5244/C.33.26},
url={https://dx.doi.org/10.5244/C.33.26}
}