Stochastic sparse adversarial attacks

Machine Learning 2022-02-22 v4 Cryptography and Security Computer Vision and Pattern Recognition

Abstract

This paper introduces stochastic sparse adversarial attacks (SSAA), standing as simple, fast and purely noise-based targeted and untargeted attacks of neural network classifiers (NNC). SSAA offer new examples of sparse (or $L_0$) attacks, for which only a few methods have been proposed previously. These attacks are devised by exploiting a small-time expansion idea widely used for Markov processes. Experiments on small and large datasets (CIFAR-10 and ImageNet) illustrate several advantages of SSAA in comparison with state-of-the-art methods. For instance, in the untargeted case, our method called Voting Folded Gaussian Attack (VFGA) scales efficiently to ImageNet and achieves a significantly lower $L_0$ score than SparseFool (up to $\frac{2}{5}$) while being faster. Moreover, VFGA achieves better $L_0$ scores on ImageNet than Sparse-RS when both attacks are fully successful on a large number of samples.

Cite

@article{arxiv.2011.12423,
  title  = {Stochastic sparse adversarial attacks},
  author = {Manon Césaire and Lucas Schott and Hatem Hajri and Sylvain Lamprier and Patrick Gallinari},
  journal= {arXiv preprint arXiv:2011.12423},
  year   = {2022}
}

Comments

Final version published at the ICTAI 2021 conference with a best student paper award. Codes are available through the link: https://github.com/hhajri/stochastic-sparse-adv-attacks