Synthesizing Robust Adversarial Examples
About
Standard methods for generating adversarial examples for neural networks do not consistently fool neural network classifiers in the physical world due to a combination of viewpoint shifts, camera noise, and other natural transformations, limiting their relevance to real-world systems. We demonstrate the existence of robust 3D adversarial objects, and we present the first algorithm for synthesizing examples that are adversarial over a chosen distribution of transformations. We synthesize two-dimensional adversarial images that are robust to noise, distortion, and affine transformation. We apply our algorithm to complex three-dimensional objects, using 3D-printing to manufacture the first physical adversarial objects. Our results demonstrate the existence of 3D adversarial objects in the physical world.
Related benchmarks
| Task | Dataset | Result | Rank | |
|---|---|---|---|---|
| Adversarial Attack | CelebA-HQ Eye | Arc Score99 | 15 | |
| Adversarial Attack | CelebA-HQ Respirator | ArcFace Score97.75 | 15 | |
| Face Recognition Attack | LFW Eye region (test) | ASR (ArcFace)98.75 | 15 | |
| Face Recognition Attack | LFW Respirator region (test) | ASR (ArcFace)98.25 | 15 | |
| Face Recognition Attack | LFW Eye & Nose region (test) | ASR (ArcFace)0.995 | 15 | |
| Adversarial Attack | CelebA-HQ Eye & Nose | Arc Score0.995 | 15 |