Semi-Universal Adversarial Perturbations

J. Frecon, G. Gasso and S. Canu
Submitted to IEEE Transactions on Pattern Analysis and Machine Intelligence, 2022
project teaser


The present work introduces a framework for learning and selecting semi-universal adversarial perturbations. It relies on a joint estimation of multiple universal adversarial perturbations which are chosen in an unsupervised manner depending on the sample to attack. Two algorithmic solutions, with convergence guarantees under Lipschitz continuity assumptions, are proposed to handle either small scale or large scale datasets. Numerical experiments, conducted on benchmark datasets, support its unifying aspect between universal and specific attacks as the number of perturbations grows. In addition, the learned perturbations display strong patterns indicative of the existing similarities between the training instances of different classes.


PDF   BibTeX