adverserial ideas - hassony2/inria-research-wiki GitHub Wiki

Vision

• Resistance to more complex and 'real world' transformations
  • multi-scale adverserial examples (better transfer to physical world ?) (optimize different levels of the pyramid? change label depending on scale ?)
  • resilient to homographies (plan deformation, several point of view, direct application to traffic signs and all other kind of written information)
  • resistance to transforms to even more complex transforms that match 3D deformations mapped into 2D

Noise in attacks

• "patterned" noise
  • random noise doesn't impact activation in expectation (because of linearity)
  • instead of random noise target local patterns that are susceptible to disrupt the activations of convolutions

Black box attacks

• gain knowledge by querying on synthesized dataset (based on Transferability in Machine Learning: from Phenomena to Black-Box Attacks using Adversarial Samples)