Research reports
ADef: an Iterative Algorithm to Construct Adversarial Deformations
by R. Alaifari and G.S. Alberti and T. Gauksson
(Report number 2018-15)
Abstract
While deep neural networks have proven to be a powerful tool for many recognition and classification tasks, their stability properties are still not well understood. In the past, image classifiers have been shown to be vulnerable to so-called adversarial attacks, which are created by additively perturbing the correctly classified image.
In this paper, we propose the ADef algorithm to construct a different kind of adversarial attack created by iteratively applying small deformations to the image, found through a gradient descent step. We demonstrate our results on MNIST with a convolutional neural network and on ImageNet with Inception-v3 and ResNet-101.
Keywords: Adversarial Examples, Adversarial Deformations, Deep Learning, Neural Networks, Machine Learning, Stability
BibTeX
@Techreport{AAG18_769,
  author = {R. Alaifari and G.S. Alberti and T. Gauksson},
  title = {ADef: an Iterative Algorithm to Construct Adversarial Deformations},
  institution = {Seminar for Applied Mathematics, ETH Z{\"u}rich},
  number = {2018-15},
  address = {Switzerland},
  url = {https://www.sam.math.ethz.ch/sam_reports/reports_final/reports2018/2018-15.pdf},
  year = {2018}
}
Disclaimer
© Copyright for documents on this server remains with the authors.
Copies of these documents made by electronic or mechanical means including
information storage and retrieval systems, may only be employed for
personal use. The administrators respectfully request that authors
inform them when any paper is published to avoid copyright infringement.
Note that unauthorised copying of copyright material is illegal and may
lead to prosecution. Neither the administrators nor the Seminar for
Applied Mathematics (SAM) accept any liability in this respect.
The most recent version of a SAM report may differ in formatting and style
from the published journal version. Do reference the published version if
possible (see SAM Publications).