Localized Uncertainty Attacks
Abstract
The susceptibility of deep learning models to adversarial perturbations has stirred renewed attention in adversarial examples resulting in a number of attacks. However, most of these attacks fail to encompass a large spectrum of adversarial perturbations that are imperceptible to humans. In this paper, we present localized uncertainty attacks, a novel class of threat models against deterministic and stochastic classifiers. Under this threat model, we create adversarial examples by perturbing only regions in the inputs where a classifier is uncertain. To find such regions, we utilize the predictive uncertainty of the classifier when the classifier is stochastic or, we learn a surrogate model to amortize the uncertainty when it is deterministic. Unlike ball or functional attacks which perturb inputs indiscriminately, our targeted changes can be less perceptible. When considered under our threat model, these attacks still produce strong adversarial examples; with the examples retaining a greater degree of similarity with the inputs.
Cite
@article{arxiv.2106.09222,
title = {Localized Uncertainty Attacks},
author = {Ousmane Amadou Dia and Theofanis Karaletsos and Caner Hazirbas and Cristian Canton Ferrer and Ilknur Kaynar Kabul and Erik Meijer},
journal= {arXiv preprint arXiv:2106.09222},
year = {2021}
}
Comments
CVPR 2021 Workshop on Adversarial Machine Learning in Computer Vision