论文标题
地毯炸弹补丁:攻击无通常要求的深层网络
Carpet-bombing patch: attacking a deep network without usual requirements
论文作者
论文摘要
尽管深层网络已经显示出逃避攻击的脆弱性,但这种攻击通常具有不现实的要求。最近的文献讨论了删除或不删除其中一些要求的可能性。本文通过引入地毯炸弹贴片攻击来为这一文献做出贡献,该攻击几乎没有要求。针对功能表示形式,此补丁攻击不需要知道网络任务。这种攻击降低了Imagenet上的准确性,Pascal VOC的映射以及在CityScapes上的IOU,而没有意识到基本任务分别涉及分类,检测或语义细分。除了这次攻击引起的潜在安全问题之外,地毯炸弹攻击的影响还强调了深网层动态的一些有趣的属性。
Although deep networks have shown vulnerability to evasion attacks, such attacks have usually unrealistic requirements. Recent literature discussed the possibility to remove or not some of these requirements. This paper contributes to this literature by introducing a carpet-bombing patch attack which has almost no requirement. Targeting the feature representations, this patch attack does not require knowing the network task. This attack decreases accuracy on Imagenet, mAP on Pascal Voc, and IoU on Cityscapes without being aware that the underlying tasks involved classification, detection or semantic segmentation, respectively. Beyond the potential safety issues raised by this attack, the impact of the carpet-bombing attack highlights some interesting property of deep network layer dynamic.
