Abstract
Traditional research on generating adversarial examples has mainly focused on artificially adding imperceptible perturbations to input examples. Typically, the perturbation information in adversarial examples has no practical meaning. This study proposes a novel scheme for generating adversarial examples by embedding invisible watermarks based on basin-hopping improvement (BHI). To produce adversarial examples, the proposed BHI scheme is implemented by embedding invisible watermarks into original images based on a data-hiding technique. Specifically, the BHI scheme determines the corresponding coordinates of host images and watermark sizes. By considering the specific coordinates and size, the BHI scheme invisibly embeds the watermarks into the host images to generate adversarial examples. Experimental results show that the attack success rate of the BHI scheme reaches 93.5%. The proposed BHI scheme not only completes the function of an adversarial attack but also protects the copyright of adversarial examples. Moreover, the adversarial examples exhibit outstanding visual and robust performance, providing additional visual protection to avoid the risk of attack.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
