Exploiting Human Perception for Adversarial Attacks

Abstract There has been a significant amount of recent work on fooling deep-learning-based classifiers, particularly for images, via adversarial inputs that are perceptually similar to benign examples. However, researchers typically minimize an Lp-norm as a proxy for imperceptibility, an approach that oversimplifies the complexity of real-world images and human visual perception. We exploit the relationship between image features and human perception to propose a Perceptual Loss (PL) metric that better captures human imperceptibility during the generation of adversarial images. By focusing on human-perceptible distortion of image features, the metric yields adversarial images of better visual quality, as our experiments validate. Our results also demonstrate the effectiveness and efficiency of our algorithm.
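The Lp-norm proxy the abstract criticizes can be illustrated with a minimal FGSM-style sketch. This is not the paper's PL method; the toy linear classifier, variable names, and epsilon value below are all illustrative assumptions, showing only why an L-infinity bound is a crude stand-in for perceptual similarity.

```python
import numpy as np

rng = np.random.default_rng(0)

# Toy linear "classifier": logits = W @ x. With a linear model the gradient
# of the cross-entropy loss w.r.t. the input is available in closed form,
# so no autodiff framework is needed for this sketch.
W = rng.normal(size=(10, 64))
x = rng.uniform(size=64)   # benign input (a flattened toy "image" in [0, 1])
y = 3                      # assumed true class index

def loss_grad(x_in):
    """Gradient of the cross-entropy loss w.r.t. the input x_in."""
    logits = W @ x_in
    p = np.exp(logits - logits.max())
    p /= p.sum()
    onehot = np.eye(10)[y]
    return W.T @ (p - onehot)

# Standard Lp-style attack (FGSM): one gradient-sign step, with the
# perturbation bounded in the L-infinity norm by eps.
eps = 0.05
x_adv = np.clip(x + eps * np.sign(loss_grad(x)), 0.0, 1.0)

# The L-infinity "imperceptibility" proxy: small by construction (<= eps),
# yet it says nothing about which image features a human would notice.
linf_dist = np.abs(x_adv - x).max()
```

A perceptual metric such as the paper's PL would replace the `linf_dist` bound with a distance computed over image features weighted by human sensitivity, rather than raw per-pixel differences.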
Authors
  • Pengrui Quan (UCLA)
  • Mani Srivastava (UCLA)
Date Sep-2020
Venue 4th Annual Fall Meeting of the DAIS ITA, 2020