Abstract
Recent research has shown that neural network (NN) classifiers are vulnerable to adversarial examples, which contain special perturbations that human eyes ignore but that can mislead NN classifiers. In this paper, we propose a practical black-box adversarial example generator, dubbed ManiGen. ManiGen does not require any knowledge of the inner state of the target classifier. It generates adversarial examples by searching along the manifold, which is a concise representation of input data. Through an extensive set of experiments on different datasets, we show that (1) adversarial examples generated by ManiGen can mislead standalone classifiers by being as successful as the state-of-the-art white-box generator, Carlini, and (2) adversarial examples generated by ManiGen can more effectively attack classifiers with state-of-the-art defenses.
Highlights
Due to the surprisingly good representation power of complex distributions, neural network (NN) classifiers are widely used in many applications
To further evaluate our ManiGen, we compare its generated adversarial examples with those generated by Carlini, which is a state-of-the-art white-box generator that upper bounds the existing black-box generators
The results show that ManiGen adversarial examples can mislead standalone classifiers with a 100% success rate, which is at the same level as Carlini
Summary
Due to the surprisingly good representation power of complex distributions, neural network (NN) classifiers are widely used in many applications. White-box generators usually formulate an optimization problem that uses information from the target classifier’s predictions or inner states. The transferability-based black-box generator [4] has a lower success rate due to the difference between the target and substitute classifiers. To the best of our knowledge, ManiGen is the first black-box approach that utilizes the manifold of the training data to generate adversarial examples. As a black-box generator, our proposed ManiGen approach has the following advantages. We design a black-box approach for generating adversarial examples against NN classifiers. Our approach, dubbed ManiGen, is distinguished by being model agnostic, that is, it generates adversarial examples without demanding any information about the inner states of the target classifier. ManiGen uses an autoencoder-based approach to search for adversarial examples along the manifold of the training data.