Art of Singular Vectors and Universal Adversarial Perturbations

Valentin Khrulkov, Ivan Oseledets

    Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

    49 Citations (Scopus)

    Abstract

    Vulnerability of Deep Neural Networks (DNNs) to adversarial attacks has been attracting a lot of attention in recent studies. It has been shown that for many state of the art DNNs performing image classification there exist universal adversarial perturbations - image-agnostic perturbations mere addition of which to natural images with high probability leads to their misclassification. In this work we propose a new algorithm for constructing such universal perturbations. Our approach is based on computing the so-called (p, q)-singular vectors of the Jacobian matrices of hidden layers of a network. Resulting perturbations present interesting visual patterns, and by using only 64 images we were able to construct universal perturbations with more than 60 % fooling rate on the dataset consisting of 50000 images. We also investigate a correlation between the maximal singular value of the Jacobian matrix and the fooling rate of the corresponding singular vector, and show that the constructed perturbations generalize across networks.

    Original languageEnglish
    Title of host publicationProceedings - 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition, CVPR 2018
    PublisherIEEE Computer Society
    Pages8562-8570
    Number of pages9
    ISBN (Electronic)9781538664209
    DOIs
    Publication statusPublished - 14 Dec 2018
    Event31st Meeting of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, CVPR 2018 - Salt Lake City, United States
    Duration: 18 Jun 201822 Jun 2018

    Publication series

    NameProceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition
    ISSN (Print)1063-6919

    Conference

    Conference31st Meeting of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, CVPR 2018
    Country/TerritoryUnited States
    CitySalt Lake City
    Period18/06/1822/06/18

    Fingerprint

    Dive into the research topics of 'Art of Singular Vectors and Universal Adversarial Perturbations'. Together they form a unique fingerprint.

    Cite this