In adversarial deep learning, adversarial examples are used to attack the target models, such as deep neural networks (DNNs). The adversarial examples are always constructed by adding vicious perturbations to the original images, and the added perturbations are not easily perceived by human. In order to achieve high attack success rates of adversarial sample, existing attack strategies always increase the magnitudes of global perturbations. However, as the magnitudes are increasing, the attacks will be easily perceived by human. To address this problem, a new approach is proposed to generate adversarial examples with weighted perturbations and abbreviates as WP-AdvGAN. The weights distribution to perturbations are determined by the sensitivity of the target model to the corresponding local region in the adversarial examples. Local region with high sensitivity have greater impacts on the decision of the target model, so the perturbation weights for these regions will be increased in the adversarial sample, vice versa. Experiments performed on MNIST dataset demonstrate that the adversarial examples generated by the proposed WP-AdvGAN are similar to the original images and have high attack success rates under both white-box and black-box attack settings.
展开▼
