Author: | Tang, Zibin |
Title: | Improvement in constructing unrestricted adversarial examples with generative models |
Advisors: | Xiao, Bin (COMP) |
Degree: | M.Sc. |
Year: | 2021 |
Subject: | Machine learning; Artificial intelligence; Hong Kong Polytechnic University -- Dissertations |
Department: | Department of Computing |
Pages: | [58] pages : color illustrations |
Language: | English |
Abstract: | Adversarial examples are typically constructed by perturbation-based attacks, which perturb an example with a small matrix norm. A number of defense methods have been designed for this kind of adversarial example. Recently, a new attack method, unrestricted adversarial examples, was proposed. In this attack method, the attacker removes the small norm-bounded constraints and produces unrestricted adversarial examples entirely from scratch using trained generative models (AC-GAN). Then, with a desired class, it searches over the latent space to find images that could fool a victim classifier. In this paper, inspired by VAEGAN, a VAE is introduced into AC-GAN to improve the original generative model. The unrestricted adversarial examples generated by the original methods and the improved methods are given to humans to evaluate whether they are legitimate or not. The dataset in our experiments is MNIST. The victim classifier is the Zico classifier, which is a certified defense designed for perturbation-based adversarial examples. As the experimental results show, the overall success rate of our improved attack is higher than that of the original one. |
Rights: | All rights reserved |
Access: | restricted access |
Files in This Item:
File | Description | Size | Format
---|---|---|---
5861.pdf | For All Users (off-campus access for PolyU Staff & Students only) | 3.31 MB | Adobe PDF
Please use this identifier to cite or link to this item:
https://theses.lib.polyu.edu.hk/handle/200/11375