NAG :Network for Adversary Generation [arXiv 17]

One Line Summary

• A generative approach to model the distribution of adversarial perturbations.

Motivation

• Existing methods present optimization approaches that solve for a fooling objective with an imperceptibility constraint to craft the perturbations. However, for a given classifier, they generate one perturbation at a time.

Detailed Summary

• The architecture of the proposed model is inspired from that of GANs
• Loss formulation has diversity objective that helps generate the diverse set of perturbations.
• Fooling objective is formaulated by passing the benign batch and adversarial batch through the target classifier
• While the diversity objective is formulated by passing the adversarial batcha and the shuffled adversarial batch.

Novelty and Contributions

• Achieve state-of-the-art fooling rates.
• Generated perturbaitons exhibit wide variety.
• Execellent cross model generalizability and first model to use generative modeling for adversarial perturbations.

Network Details

• Network has a Generator that is update to generate the adversarial perturbations.
• Target classifier is used as is without any training, but the output of target classifier to is used to update the generator.

Results

Authors

Konda Reddy Mopuri, Utkarsh Ojha, Utsav Garg, R. Venkatesh Babu

Sources

Paper