Reversible adversarial examples against local visual perturbation

Recent studies have shown that adversarial attacks pose a threat to deep learning systems. Because the original image cannot be recovered from an adversarial example alone, reversible adversarial attacks have been proposed. Existing strategies, however, target imperceptible adversarial perturbations and do not consider locally visible ones. In this article, we generate reversible adversarial examples for locally visible adversarial perturbations: reversible data embedding is used to hide the information needed to restore the original image inside the adversarial example itself, yielding examples that are both adversarial and reversible. Experiments on the ImageNet dataset show that our method restores the original image losslessly while preserving attack capability.
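The pipeline the abstract describes can be illustrated with a minimal sketch, not the paper's actual algorithm: a visible patch overwrites a local region, the covered pixels (the information needed for restoration) are reversibly embedded into the rest of the image, and extraction later undoes both steps. The sketch below assumes a grayscale cover, uses difference expansion (Tian's classic reversible data hiding method) as the embedding step, substitutes a solid white square for a real adversarial patch, and keeps the location map as in-memory side information for brevity; all helper names are illustrative.

```python
import numpy as np

def de_embed(img, bits):
    """Embed a 0/1 bit list with difference expansion; returns the stego image and the
    indices of the pixel pairs used (kept in memory here; a complete scheme would also
    compress and embed this location map)."""
    flat = img.astype(np.int32).ravel()
    used, k = [], 0
    for i in range(0, flat.size - 1, 2):
        if k >= len(bits):
            break
        x, y = flat[i], flat[i + 1]
        l, h = (x + y) // 2, x - y
        h2 = 2 * h + bits[k]
        x2, y2 = l + (h2 + 1) // 2, l - h2 // 2
        if 0 <= x2 <= 255 and 0 <= y2 <= 255:      # expandable pair, safe to modify
            flat[i], flat[i + 1] = x2, y2
            used.append(i)
            k += 1
    assert k == len(bits), "cover image too small for this payload"
    return flat.reshape(img.shape).astype(np.uint8), used

def de_extract(stego, used):
    """Recover the embedded bits and the exact cover image."""
    flat = stego.astype(np.int32).ravel()
    bits = []
    for i in used:
        x2, y2 = flat[i], flat[i + 1]
        l, h2 = (x2 + y2) // 2, x2 - y2
        bits.append(int(h2 & 1))
        h = h2 // 2
        flat[i], flat[i + 1] = l + (h + 1) // 2, l - h // 2
    return bits, flat.reshape(stego.shape).astype(np.uint8)

# Toy end-to-end run: paste a visible 8x8 "patch", embed the covered pixels, restore.
rng = np.random.default_rng(0)
original = rng.integers(60, 200, size=(64, 64), dtype=np.uint8)
r0, c0, s = 10, 10, 8                                   # patch location and size
covered = original[r0:r0 + s, c0:c0 + s].copy()         # information needed for restoration
adversarial = original.copy()
adversarial[r0:r0 + s, c0:c0 + s] = 255                 # stand-in for an adversarial patch
payload = np.unpackbits(covered.ravel()).tolist()
rae, used = de_embed(adversarial, payload)              # reversible adversarial example
bits, adv_back = de_extract(rae, used)
restored = adv_back.copy()
restored[r0:r0 + s, c0:c0 + s] = np.packbits(bits).reshape(s, s)
assert np.array_equal(restored, original)               # lossless recovery
```

Run end to end, the extracted bits rebuild the patched region exactly, so the restored image is bit-for-bit identical to the original, which is the lossless-recovery property the abstract claims.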
