Semi-Universal Adversarial Perturbations
- Jordan Frecon ,
- Gilles Gasso ,
- stephane canu
Abstract
The present work introduces a framework for learning and selecting
semi-universal adversarial perturbations. It relies on a joint
estimation of multiple universal adversarial perturbations which are
chosen in an unsupervised manner depending on the sample to attack. Two
algorithmic solutions, with convergence guarantees under Lipschitz
continuity assumptions, are proposed to handle either small scale or
large scale datasets. Numerical experiments, conducted on benchmark
datasets, support its unifying aspect between universal and specific
attacks as the number of perturbations grows. In addition, the learned
perturbations display strong patterns indicative of the existing
similarities between the training instances of different classes.