Knowledge Commons of Institute of Automation,CAS
F-mixup: Attack CNNs from Fourier perspective | |
Xiu-Chuan Li1,2; Xu-Yao Zhang1,2; Fei Yin1,2; Cheng-Lin Liu1,2 | |
2021 | |
会议名称 | International Conference on Pattern Recognition (ICPR) |
会议日期 | January 10-15, 2021 |
会议地点 | Milan, Italy |
摘要 | Recent research has revealed that deep neural networks are highly vulnerable to adversarial examples. In this paper, different from most adversarial attacks which directly modify pixels in spatial domain, we propose a novel black-box attack in frequency domain, named as f-mixup, based on the property of natural images and perception disparity between human-visual system (HVS) and convolutional neural networks (CNNs): First, natural images tend to have the bulk of their Fourier spectrums concentrated on the low frequency domain; Second, HVS is much less sensitive to high frequencies while CNNs can utilize both low and high frequency information to make predictions. Extensive experiments are conducted and show that deeper CNNs tend to concentrate more on the higher frequency domain, which may explain the contradiction between robustness and accuracy. In addition, we compared f-mixup with existing attack methods and observed that our approach possesses great advantages. Finally, we show that f-mixup can be also incorporated in training to make deep CNNs defensible against a kind of perturbations effectively. |
七大方向——子方向分类 | 模式识别基础 |
国重实验室规划方向分类 | 可解释人工智能 |
是否有论文关联数据集需要存交 | 否 |
文献类型 | 会议论文 |
条目标识符 | http://ir.ia.ac.cn/handle/173211/47477 |
专题 | 多模态人工智能系统全国重点实验室_模式分析与学习 |
通讯作者 | Xu-Yao Zhang |
作者单位 | 1.中科院自动化所 2.中国科学院大学人工智能学院 |
第一作者单位 | 中国科学院自动化研究所 |
通讯作者单位 | 中国科学院自动化研究所 |
推荐引用方式 GB/T 7714 | Xiu-Chuan Li,Xu-Yao Zhang,Fei Yin,et al. F-mixup: Attack CNNs from Fourier perspective[C],2021. |
条目包含的文件 | 下载所有文件 | |||||
文件名称/大小 | 文献类型 | 版本类型 | 开放类型 | 使用许可 | ||
F-mixup_Attack_CNNs_(2414KB) | 会议论文 | 开放获取 | CC BY-NC-SA | 浏览 下载 |
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论