Fast Feature Fool: A data independent approach to universal adversarial perturbations

Konda Reddy Reddy, Utsav Garg and Venkatesh Babu Radhakrishnan

Abstract

State-of-the-art object recognition Convolutional Neural Networks (CNNs) are shown to be fooled by image agnostic perturbations, called universal adversarial perturbations. It is also observed that these perturbations generalize across multiple networks trained on the same target data. However, these algorithms require training data on which the CNNs were trained and compute adversarial perturbations via complex optimization. The fooling performance of these approaches is directly proportional to the amount of available training data. This makes them unsuitable for practical attacks since its unreasonable for an attacker to have access to the training data. In this paper, for the first time, we propose a novel data independent approach to generate image agnostic perturbations for a range of CNNs trained for object recognition. We further show that these perturbations are transferable across multiple network architectures trained either on same or different data. In the absence of data, our method generates universal perturbations efficiently via fooling the features learned at multiple layers thereby causing CNNs to misclassify.

Session

Posters

Files

PDF iconPaper (PDF)

DOI

10.5244/C.31.30
https://dx.doi.org/10.5244/C.31.30

Citation

Konda Reddy Reddy, Utsav Garg and Venkatesh Babu Radhakrishnan. Fast Feature Fool: A data independent approach to universal adversarial perturbations. In T.K. Kim, S. Zafeiriou, G. Brostow and K. Mikolajczyk, editors, Proceedings of the British Machine Vision Conference (BMVC), pages 30.1-30.12. BMVA Press, September 2017.

Bibtex

            @inproceedings{BMVC2017_30,
                title={Fast Feature Fool: A data independent approach to universal adversarial perturbations},
                author={Konda Reddy Reddy, Utsav Garg and Venkatesh Babu Radhakrishnan},
                year={2017},
                month={September},
                pages={30.1-30.12},
                articleno={30},
                numpages={12},
                booktitle={Proceedings of the British Machine Vision Conference (BMVC)},
                publisher={BMVA Press},
                editor={Tae-Kyun Kim, Stefanos Zafeiriou, Gabriel Brostow and Krystian Mikolajczyk},
                doi={10.5244/C.31.30},
                isbn={1-901725-60-X},
                url={https://dx.doi.org/10.5244/C.31.30}
            }