What if Adversarial Samples were Digital Images?

Document type :

Communication dans un congrès avec actes

DOI :

10.1145/3369412.3395062

Title :

What if Adversarial Samples were Digital Images?

Author(s) :

Bonnet, Benoît [Auteur]
Creating and exploiting explicit links between multimedia fragments [LinkMedia]
Furon, Teddy [Auteur]
Creating and exploiting explicit links between multimedia fragments [LinkMedia]
Bas, Patrick [Auteur]

Centre de Recherche en Informatique, Signal et Automatique de Lille - UMR 9189 [CRIStAL]

Conference title :

IH&MMSEC 2020 - 8th ACM Workshop on Information Hiding and Multimedia Security

City :

Denver

Country :

France

Start date of the conference :

2020-06-22

Journal title :

IH&MMSec '20: Proceedings of the 2020 ACM Workshop on Information Hiding and Multimedia Security

Publisher :

ACM

English keyword(s) :

Image classification
adversarial samples
neural networks

HAL domain(s) :

Sciences de l'ingénieur [physics]/Traitement du signal et de l'image [eess.SP]
Informatique [cs]/Cryptographie et sécurité [cs.CR]

English abstract : [en]

Although adversarial sampling is a trendy topic in computer vision , very few works consider the integral constraint: The result of the attack is a digital image whose pixel values are integers. This is not an issue at ...
Show more >Although adversarial sampling is a trendy topic in computer vision , very few works consider the integral constraint: The result of the attack is a digital image whose pixel values are integers. This is not an issue at first sight since applying a rounding after forging an adversarial sample trivially does the job. Yet, this paper shows theoretically and experimentally that this operation has a big impact. The adversarial perturbations are fragile signals whose quantization destroys its ability to delude an image classifier. This paper presents a new quantization mechanism which preserves the adversariality of the perturbation. Its application outcomes to a new look at the lessons learnt in adversarial sampling.Show less >

Language :

Anglais

Peer reviewed article :

Oui

Audience :

Internationale

Popular science :

Non

ANR Project :

Sécurité de l'Intelligence Artificielle pour des Applications Défense

Collections :

Centre de Recherche en Informatique, Signal et Automatique de Lille (CRIStAL) - UMR 9189

Source :

Harvested from HAL

Files

https://hal.archives-ouvertes.fr/hal-02553006v2/document
Open access
Access the document

https://hal.archives-ouvertes.fr/hal-02553006v2/document
Open access
Access the document

https://hal.archives-ouvertes.fr/hal-02553006v2/document
Open access
Access the document