Adaptive Perturbation for Adversarial Attack

arXiv:2111.13841v3 Announce Type: replace
Abstract: In recent years, the security of deep learning models achieves more and more attentions with the rapid development of neural networks, which are vulnerable to adversarial examples. Almost all existing gradient-based attack methods use the sign function in the generation to meet the requirement of perturbation budget on $L_\infty$ norm. However, we find that the sign function may be improper for generating adversarial examples since it modifies the exact gradient direction. Instead of using the …

abstract adversarial adversarial examples arxiv attack methods budget cs.cv deep learning development examples function gradient networks neural networks norm security type vulnerable