In recent years, convolutional neural networks (CNNs) are widely used in various computer vision tasks with advanced performance. However, adversarial samples which add small-magnitude perturbation to images or videos are seriously threatening the application of CNNs. Some existing attack methods pay attention to the time domain information of the inputs, while the information in frequency domain is usually ignored. Others attack frequency domain by massive queries or significantly perceivable perturbation. In this paper, we propose a new method to attack the frequency information. The frequency information is combined with the Generative Adversarial Network (GAN) to design a novel algorithm called Frequency Attack Framework (FAF), which can attack the high-frequency information and the low-frequency information. Double discriminators are constructed on the GAN architecture to make attack more efficient in different frequency bands. The proposed algorithm generates optimal perturbation, resulting in adversarial samples with high attack transferability and quality. Several well-trained CNNs are fooled by FAF, and all of them have high error rates. Even when CNNs add defenses, our algorithm has a good performance.
CITATION STYLE
Ding, J., Yin, J., Dun, J., Zhang, W., & Wang, Y. (2022). Attacking Frequency Information with Enhanced Adversarial Networks to Generate Adversarial Samples. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 13598 LNCS, pp. 61–73). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-20713-6_5
Mendeley helps you to discover research relevant for your work.