Universal Adversarial Perturbations

Moosavi-Dezfooli, Seyed-Mohsen; Fawzi, Alhussein; Fawzi, Omar; Frossard, Pascal

doi:10.1109/cvpr.2017.17

preprintJul 1, 2017GREEN OA

Universal Adversarial Perturbations

SMSeyed-Mohsen Moosavi-Dezfooli AFAlhussein Fawzi OFOmar Fawzi PFPascal Frossard

École Polytechnique Fédérale de Lausanne · Université Claude Bernard Lyon 1

Indexed incrossref

Abstract

Given a state-of-the-art deep neural network classifier, we show the existence of a universal (image-agnostic) and very small perturbation vector that causes natural images to be misclassified with high probability. We propose a systematic algorithm for computing universal perturbations, and show that state-of-the-art deep neural networks are highly vulnerable to such perturbations, albeit being quasi-imperceptible to the human eye. We further empirically analyze these universal perturbations and show, in particular, that they generalize very well across neural networks. The surprising existence of universal perturbations reveals important geometric correlations among the high-dimensional decision boundary of…

Citation impact

2,698

total citations

FWCI: 198.32
Percentile: 100%
References: 37

Citations per year

Authors

4

Topics & keywords

Topics

Keywords

Adversarial system
Computer science
Exploit
Artificial intelligence
Classifier (UML)
Artificial neural network
Decision boundary
Deep neural networks

No related works found for this paper.

Funding

N
Nvidia