AdvFlow: Inconspicuous Black-box Adversarial Attacks using Normalizing Flows

Hadi Mohaghegh Dolatabadi; Sarah Erfani; Christopher Leckie

Conference Proceedings

AdvFlow: Inconspicuous Black-box Adversarial Attacks using Normalizing Flows

Hadi Mohaghegh Dolatabadi, Sarah Erfani, Christopher Leckie

Advances in Neural Information Processing Systems (NeurIPS 2020) | Curran Associates, Inc. | Published : 2020

Download PDF

Abstract

Deep learning classifiers are susceptible to well-crafted, imperceptible variations of their inputs, known as adversarial attacks. In this regard, the study of powerful attack models sheds light on the sources of vulnerability in these classifiers, hopefully leading to more robust ones. In this paper, we introduce AdvFlow: a novel black-box adversarial attack method on image classifiers that exploits the power of normalizing flows to model the density of adversarial examples around a given target image. We see that the proposed method generates adversaries that closely follow the clean data distribution, a property which makes their detection less likely. Also, our experimental results show ..

View full abstract

University of Melbourne Researchers

Sarah Monazam Erfani Author

Christopher Leckie Author

Related Projects (1)

A HIGH-PERFORMANCE CLOUD RESOURCE FOR COMPUTATIONAL MODELLING

This project aims to build a relatively low-cost graphical-processing-unit-based cloud-accessible facility. Much current cutting-edge resear..

Grants

Awarded by Australian Research Council

Funding Acknowledgements

This research was undertaken using the LIEF HPC-GPGPU Facility hosted at the University of Melbourne. This Facility was established with the assistance of LIEF Grant LE170100200.

Citation metrics

52Scopus

15Web of Science

Keywords

Science & Technology

Computer Science, Information Systems

Computer Science, Artificial Intelligence

Computer Science

Technology