Summary of One-index Vector Quantization Based Adversarial Attack on Image Classification, by Haiju Fan et al.
One-Index Vector Quantization Based Adversarial Attack on Image Classification
by Haiju Fan, Xiaona Qin, Shuang Chen, Hubert P. H. Shum, Ming Li
First submitted to arxiv on: 2 Sep 2024
Categories
- Main: Computer Vision and Pattern Recognition (cs.CV)
- Secondary: Cryptography and Security (cs.CR); Machine Learning (cs.LG)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | High Difficulty Summary Read the original abstract here |
| Medium | GrooveSquid.com (original content) | Medium Difficulty Summary The proposed one-index attack method targets vector quantization (VQ) compressed images, which is a crucial improvement for real-world scenarios. The novel algorithm utilizes differential evolution to generate adversarial images that misclassify victim models. This semi-black-box attack only modifies a single VQ index, limiting the number of perturbed indexes. The method demonstrates impressive results, successfully attacking three popular image classification models (Resnet, NIN, and VGG16) with high misclassification confidence and low image perturbation levels on CIFAR-10 and Fashion MNIST datasets. |
| Low | GrooveSquid.com (original content) | Low Difficulty Summary Imagine you have a way to make pictures on your phone look fake. This could be used to trick people into thinking something is real when it’s not. The problem is that most of the ways we try to do this now work in a special way with pixels, but they don’t work well if the picture has been shrunk down or changed. That’s why researchers are working on new ways to make fake pictures that can be used for both big and small images. This paper shows one way to do this by changing just one part of the compressed image, which makes it harder for machines to recognize what’s real and what’s not. |
Keywords
» Artificial intelligence » Image classification » Quantization » Resnet
