Generating Adversarial Attacks in the Latent Space

Shukla, Nitish; Banerjee, Sudipta

Nitish Shukla, Sudipta Banerjee; Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) Workshops, 2023, pp. 730-739

Abstract

Adversarial attacks in the input (pixel) space typically incorporate noise margins such as L_1 or L_-norm to produce imperceptibly perturbed data that can confound deep learning networks. Such noise margins confine the magnitude of permissible noise. In this work, we propose injecting adversarial perturbations in the latent (feature) space using a generative adversarial network, removing the need for margin-based priors. Experiments on MNIST, CIFAR10, Fashion-MNIST, CIFAR100 and Stanford Dogs datasets support the effectiveness of the proposed method in generating adversarial attacks in the latent space while ensuring a high degree of visual realism with respect to pixel-based adversarial attack methods.

Related Material

[pdf] [arXiv]

[bibtex]

@InProceedings{Shukla_2023_CVPR, author = {Shukla, Nitish and Banerjee, Sudipta}, title = {Generating Adversarial Attacks in the Latent Space}, booktitle = {Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) Workshops}, month = {June}, year = {2023}, pages = {730-739} }