UNIVERSAL ADVERSARIAL ATTACK VIA ENHANCED PROJECTED GRADIENT DESCENT

It has been shown that there exist small and image-independent perturbations, called universal perturbations, that can fool deep-learning-based classifiers, resulting in a significant decrease in classification accuracy. In this paper, we propose a novel method to compute more effective universal perturbations via enhanced projected gradient descent on targeted classifiers. By maximizing the original loss function of the targeted model, we update the adversarial example with backpropagation and optimize the perturbation by accumulating small updates on perturbed images consecutively. We generate our attack for several modern CNN classifiers using ImageNet and compare the attack performance with other state-of-the-art universal adversarial attack methods. Performance results show that our proposed adversarial attack method can achieve much higher fooling rates as compared to state-of-the-art universal adversarial attack methods and can realize good generalization on cross-model evaluation.