Adversarial scratches: Deployable attacks to CNN classifiers

作者:

Highlights:

• We present Adversarial Scratches, a powerful attack to CNN classifiers.

• Adversarial Scratches are designed to be deployable over a target image region.

• We adopt Bezier Curves to reduce the dimensionality of the search space.

• Adversarial Scratches yield state-of-the-art performance amongst deployable attacks.

• We propose image filtering defenses and investigate their impact on healthy images.

摘要

•We present Adversarial Scratches, a powerful attack to CNN classifiers.•Adversarial Scratches are designed to be deployable over a target image region.•We adopt Bezier Curves to reduce the dimensionality of the search space.•Adversarial Scratches yield state-of-the-art performance amongst deployable attacks.•We propose image filtering defenses and investigate their impact on healthy images.

论文关键词:Adversarial perturbations,Adversarial attacks,Deep learning,Convolutional neural networks,Bézier curves

论文评审过程:Received 3 March 2022, Revised 13 July 2022, Accepted 16 August 2022, Available online 19 August 2022, Version of Record 26 August 2022.

论文官网地址:https://doi.org/10.1016/j.patcog.2022.108985