Universal Adversarial Attack on Attention and the Resulting Dataset DAmageNet

Adversarial attacks on deep neural networks (DNNs) have been found for several years. However, the existing adversarial attacks have high success rates only when the information of the victim DNN is well-known or could be estimated by the structure similarity or massive queries. In this paper, we pr...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEEE transactions on pattern analysis and machine intelligence Jg. 44; H. 4; S. 2188 - 2197
Hauptverfasser: Chen, Sizhe, He, Zhengbao, Sun, Chengjin, Yang, Jie, Huang, Xiaolin
Format: Journal Article
Sprache:Englisch
Veröffentlicht: United States IEEE 01.04.2022
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Schlagworte:
Adversarial attack
Algorithms
Artificial neural networks
Attention
Benchmarking
black-box attack
DAmageNet
Datasets
Error analysis
Heating systems
Neural networks
Neural Networks, Computer
Perturbation methods
Semantics
Training
transferability
Visualization
ISSN:0162-8828, 1939-3539, 2160-9292, 1939-3539
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Abstract Adversarial attacks on deep neural networks (DNNs) have been found for several years. However, the existing adversarial attacks have high success rates only when the information of the victim DNN is well-known or could be estimated by the structure similarity or massive queries. In this paper, we propose to Attack on Attention (AoA), a semantic property commonly shared by DNNs. AoA enjoys a significant increase in transferability when the traditional cross entropy loss is replaced with the attention loss. Since AoA alters the loss function only, it could be easily combined with other transferability-enhancement techniques and then achieve SOTA performance. We apply AoA to generate 50000 adversarial samples from ImageNet validation set to defeat many neural networks, and thus name the dataset as DAmageNet . 13 well-trained DNNs are tested on DAmageNet, and all of them have an error rate over 85 percent. Even with defenses or adversarial training, most models still maintain an error rate over 70 percent on DAmageNet. DAmageNet is the first universal adversarial dataset. It could be downloaded freely and serve as a benchmark for robustness testing and adversarial training.
AbstractList Adversarial attacks on deep neural networks (DNNs) have been found for several years. However, the existing adversarial attacks have high success rates only when the information of the victim DNN is well-known or could be estimated by the structure similarity or massive queries. In this paper, we propose to Attack on Attention (AoA), a semantic property commonly shared by DNNs. AoA enjoys a significant increase in transferability when the traditional cross entropy loss is replaced with the attention loss. Since AoA alters the loss function only, it could be easily combined with other transferability-enhancement techniques and then achieve SOTA performance. We apply AoA to generate 50000 adversarial samples from ImageNet validation set to defeat many neural networks, and thus name the dataset as DAmageNet. 13 well-trained DNNs are tested on DAmageNet, and all of them have an error rate over 85 percent. Even with defenses or adversarial training, most models still maintain an error rate over 70 percent on DAmageNet. DAmageNet is the first universal adversarial dataset. It could be downloaded freely and serve as a benchmark for robustness testing and adversarial training.
Adversarial attacks on deep neural networks (DNNs) have been found for several years. However, the existing adversarial attacks have high success rates only when the information of the victim DNN is well-known or could be estimated by the structure similarity or massive queries. In this paper, we propose to Attack on Attention (AoA), a semantic property commonly shared by DNNs. AoA enjoys a significant increase in transferability when the traditional cross entropy loss is replaced with the attention loss. Since AoA alters the loss function only, it could be easily combined with other transferability-enhancement techniques and then achieve SOTA performance. We apply AoA to generate 50000 adversarial samples from ImageNet validation set to defeat many neural networks, and thus name the dataset as DAmageNet. 13 well-trained DNNs are tested on DAmageNet, and all of them have an error rate over 85 percent. Even with defenses or adversarial training, most models still maintain an error rate over 70 percent on DAmageNet. DAmageNet is the first universal adversarial dataset. It could be downloaded freely and serve as a benchmark for robustness testing and adversarial training.Adversarial attacks on deep neural networks (DNNs) have been found for several years. However, the existing adversarial attacks have high success rates only when the information of the victim DNN is well-known or could be estimated by the structure similarity or massive queries. In this paper, we propose to Attack on Attention (AoA), a semantic property commonly shared by DNNs. AoA enjoys a significant increase in transferability when the traditional cross entropy loss is replaced with the attention loss. Since AoA alters the loss function only, it could be easily combined with other transferability-enhancement techniques and then achieve SOTA performance. We apply AoA to generate 50000 adversarial samples from ImageNet validation set to defeat many neural networks, and thus name the dataset as DAmageNet. 13 well-trained DNNs are tested on DAmageNet, and all of them have an error rate over 85 percent. Even with defenses or adversarial training, most models still maintain an error rate over 70 percent on DAmageNet. DAmageNet is the first universal adversarial dataset. It could be downloaded freely and serve as a benchmark for robustness testing and adversarial training.
Author He, Zhengbao
Yang, Jie
Huang, Xiaolin
Sun, Chengjin
Chen, Sizhe
Author_xml – sequence: 1
  givenname: Sizhe
  orcidid: 0000-0003-3274-6926
  surname: Chen
  fullname: Chen, Sizhe
  email: sizhe.chen@sjtu.edu.cn
  organization: Department of Automation, and the Institute of Medical Robotics, Shanghai Jiao Tong University, Shanghai, China
– sequence: 2
  givenname: Zhengbao
  orcidid: 0000-0003-3986-6162
  surname: He
  fullname: He, Zhengbao
  email: lstefanie@sjtu.edu.cn
  organization: Department of Automation, and the Institute of Medical Robotics, Shanghai Jiao Tong University, Shanghai, China
– sequence: 3
  givenname: Chengjin
  orcidid: 0000-0002-9992-7919
  surname: Sun
  fullname: Sun, Chengjin
  email: sunchengjin@sjtu.edu.cn
  organization: Department of Automation, and the Institute of Medical Robotics, Shanghai Jiao Tong University, Shanghai, China
– sequence: 4
  givenname: Jie
  orcidid: 0000-0003-4801-7162
  surname: Yang
  fullname: Yang, Jie
  email: jieyang@sjtu.edu.cn
  organization: Department of Automation, and the Institute of Medical Robotics, Shanghai Jiao Tong University, Shanghai, China
– sequence: 5
  givenname: Xiaolin
  orcidid: 0000-0003-4285-6520
  surname: Huang
  fullname: Huang, Xiaolin
  email: xiaolinhuang@sjtu.edu.cn
  organization: Department of Automation, and the Institute of Medical Robotics, Shanghai Jiao Tong University, Shanghai, China
BackLink https://www.ncbi.nlm.nih.gov/pubmed/33095710$$D View this record in MEDLINE/PubMed
BookMark eNp9kUFv1DAQhS1URLeFPwASisSFS5axHXvt46oFWqkFhNqzNZtMikvWaW0HiX-P09320AOneYfvPY3eO2IHYQzE2FsOS87Bfrr6sb48XwoQsJQgpbD8BVsIrqG2wooDtgCuRW2MMIfsKKVbAN4okK_YoZRg1YrDgl1eB_-HYsKhWncPIvpZ54zt72oMs6KQfVEYuir_ouonpWnIPtxUp5gxUa5O11u8oW-UX7OXPQ6J3uzvMbv-8vnq5Ky--P71_GR9UbdS8Vy3sMGu6anXnG8M2A50Z1ApjSu5Qs1VI02zkUYA9BqaIhFFebiV0qLtV_KYfdzl3sXxfqKU3danloYBA41TcqJRDVdaN6KgH56ht-MUQ_nOCS1LCcroOfD9npo2W-rcXfRbjH_dY1EFMDugjWNKkXrX-oxzLzmiHxwHN2_iHjZx8yZuv0mximfWx_T_mt7tTJ6IngxWlGIK8g-XtpTC
CODEN ITPIDJ
CitedBy_id crossref_primary_10_1016_j_patcog_2021_108491
crossref_primary_10_1007_s41965_024_00142_3
crossref_primary_10_1109_TAI_2023_3257276
crossref_primary_10_1109_TPAMI_2024_3461686
crossref_primary_10_1109_COMST_2023_3319492
crossref_primary_10_1109_TIFS_2025_3565993
crossref_primary_10_1109_TPAMI_2022_3169802
crossref_primary_10_1109_TIFS_2024_3451689
crossref_primary_10_1016_j_csi_2022_103634
crossref_primary_10_1016_j_patcog_2022_108979
crossref_primary_10_1109_TPAMI_2024_3469952
crossref_primary_10_1109_TPAMI_2022_3176760
crossref_primary_10_1016_j_ins_2020_12_042
crossref_primary_10_1109_TR_2024_3369865
crossref_primary_10_1007_s13042_024_02097_4
crossref_primary_10_1109_MWC_001_2100247
crossref_primary_10_1109_TBDATA_2025_3552326
crossref_primary_10_1109_ACCESS_2022_3171659
crossref_primary_10_1109_TIFS_2024_3372803
crossref_primary_10_1016_j_inffus_2022_10_032
crossref_primary_10_1109_TGRS_2023_3336734
crossref_primary_10_1016_j_asoc_2023_110370
crossref_primary_10_1109_TGRS_2022_3156392
crossref_primary_10_1109_TIFS_2022_3156809
crossref_primary_10_1109_TPAMI_2022_3199013
crossref_primary_10_1109_TEVC_2022_3151373
crossref_primary_10_1007_s11063_022_11056_5
crossref_primary_10_1007_s11227_025_07225_7
crossref_primary_10_1109_TDSC_2025_3561162
crossref_primary_10_1109_TIFS_2025_3552030
Cites_doi 10.1109/CVPR.2019.00095
10.1007/978-3-030-20893-6_8
10.1109/TPAMI.2019.2936378
10.1109/CVPR.2018.00894
10.1109/CVPR.2018.00957
10.1109/ICCV.2019.00526
10.1109/SP.2017.49
10.48550/ARXIV.1706.06083
10.1038/nmeth.3547
10.1109/CVPR.2017.195
10.1109/TEVC.2019.2890858
10.1007/978-3-030-28954-6
10.1109/CVPR.2017.241
10.1201/9781351251389-8
10.1145/3128572.3140444
10.1109/ACCESS.2018.2807385
10.1109/ICCVW.2019.00513
10.1109/CVPR.2016.282
10.5555/2946645.2946704
10.1007/978-3-030-01258-8_39
10.1109/CVPR.2019.00444
10.1371/journal.pone.0130140
10.1109/CVPR.2016.90
10.1109/CVPR.2009.5206848
10.1109/CVPR.2016.319
10.1109/CVPR.2017.17
10.1109/TIP.2019.2940533
10.1109/CVPR.2018.00907
10.1145/3052973.3053009
10.1007/978-3-319-10590-1_53
10.1609/aaai.v31i1.11231
10.1109/CVPR.2017.243
10.1109/CVPR.2018.00191
10.1109/CVPR.2016.308
10.1109/CVPR.2019.00284
10.1109/CVPR.2019.00059
10.1609/aaai.v32i1.11688
10.1109/CVPR46437.2021.01501
ContentType Journal Article
Copyright Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2022
Copyright_xml – notice: Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2022
DBID 97E
RIA
RIE
AAYXX
CITATION
CGR
CUY
CVF
ECM
EIF
NPM
7SC
7SP
8FD
JQ2
L7M
L~C
L~D
7X8
DOI 10.1109/TPAMI.2020.3033291
DatabaseName IEEE All-Society Periodicals Package (ASPP) 2005–Present
IEEE All-Society Periodicals Package (ASPP) 1998–Present
IEEE/IET Electronic Library (IEL)
CrossRef
Medline
MEDLINE
MEDLINE (Ovid)
MEDLINE
MEDLINE
PubMed
Computer and Information Systems Abstracts
Electronics & Communications Abstracts
Technology Research Database
ProQuest Computer Science Collection
Advanced Technologies Database with Aerospace
Computer and Information Systems Abstracts – Academic
Computer and Information Systems Abstracts Professional
MEDLINE - Academic
DatabaseTitle CrossRef
MEDLINE
Medline Complete
MEDLINE with Full Text
PubMed
MEDLINE (Ovid)
Technology Research Database
Computer and Information Systems Abstracts – Academic
Electronics & Communications Abstracts
ProQuest Computer Science Collection
Computer and Information Systems Abstracts
Advanced Technologies Database with Aerospace
Computer and Information Systems Abstracts Professional
MEDLINE - Academic
DatabaseTitleList MEDLINE
Technology Research Database
MEDLINE - Academic
Database_xml – sequence: 1
  dbid: NPM
  name: PubMed
  url: http://www.ncbi.nlm.nih.gov/entrez/query.fcgi?db=PubMed
  sourceTypes: Index Database
– sequence: 2
  dbid: RIE
  name: IEEE Xplore
  url: https://ieeexplore.ieee.org/
  sourceTypes: Publisher
– sequence: 3
  dbid: 7X8
  name: MEDLINE - Academic
  url: https://search.proquest.com/medline
  sourceTypes: Aggregation Database
DeliveryMethod fulltext_linktorsrc
Discipline Engineering
Computer Science
EISSN 2160-9292
1939-3539
EndPage 2197
ExternalDocumentID 33095710
10_1109_TPAMI_2020_3033291
9238430
Genre orig-research
Research Support, Non-U.S. Gov't
Journal Article
GrantInformation_xml – fundername: National Key Research and Development Program of China
  grantid: 2018AAA0100702; 2019YFB1311503
  funderid: 10.13039/501100012166
– fundername: National Natural Science Foundation of China
  grantid: 61977046; 61876107; U1803261
  funderid: 10.13039/501100001809
GroupedDBID ---
-DZ
-~X
.DC
0R~
29I
4.4
53G
5GY
6IK
97E
AAJGR
AARMG
AASAJ
AAWTH
ABAZT
ABQJQ
ABVLG
ACGFO
ACGFS
ACIWK
ACNCT
AENEX
AGQYO
AHBIQ
AKJIK
AKQYR
ALMA_UNASSIGNED_HOLDINGS
ASUFR
ATWAV
BEFXN
BFFAM
BGNUA
BKEBE
BPEOZ
CS3
DU5
E.L
EBS
EJD
F5P
HZ~
IEDLZ
IFIPE
IPLJI
JAVBF
LAI
M43
MS~
O9-
OCL
P2P
PQQKQ
RIA
RIE
RNS
RXW
TAE
TN5
UHB
~02
5VS
9M8
AAYXX
ABFSI
ADRHT
AETEA
AETIX
AGSQL
AI.
AIBXA
ALLEH
CITATION
FA8
H~9
IBMZZ
ICLAB
IFJZH
RNI
RZB
VH1
CGR
CUY
CVF
ECM
EIF
NPM
RIG
XJT
7SC
7SP
8FD
JQ2
L7M
L~C
L~D
7X8
ID FETCH-LOGICAL-c351t-c0bad4fef611b809d06d8a556a737a6154384b38200f6044b3aa2957c339a9f73
IEDL.DBID RIE
ISICitedReferencesCount 66
ISICitedReferencesURI http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000764815300038&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
ISSN 0162-8828
1939-3539
IngestDate Sat Sep 27 19:39:12 EDT 2025
Mon Jun 30 04:29:00 EDT 2025
Mon Jul 21 06:04:58 EDT 2025
Sat Nov 29 05:16:00 EST 2025
Tue Nov 18 21:44:59 EST 2025
Wed Aug 27 02:49:31 EDT 2025
IsPeerReviewed true
IsScholarly true
Issue 4
Language English
License https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/IEEE.html
https://doi.org/10.15223/policy-029
https://doi.org/10.15223/policy-037
LinkModel DirectLink
MergedId FETCHMERGED-LOGICAL-c351t-c0bad4fef611b809d06d8a556a737a6154384b38200f6044b3aa2957c339a9f73
Notes ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
content type line 23
ORCID 0000-0003-4285-6520
0000-0003-3986-6162
0000-0003-3274-6926
0000-0003-4801-7162
0000-0002-9992-7919
PMID 33095710
PQID 2635715867
PQPubID 85458
PageCount 10
ParticipantIDs ieee_primary_9238430
crossref_citationtrail_10_1109_TPAMI_2020_3033291
proquest_journals_2635715867
proquest_miscellaneous_2454156642
crossref_primary_10_1109_TPAMI_2020_3033291
pubmed_primary_33095710
PublicationCentury 2000
PublicationDate 2022-04-01
PublicationDateYYYYMMDD 2022-04-01
PublicationDate_xml – month: 04
  year: 2022
  text: 2022-04-01
  day: 01
PublicationDecade 2020
PublicationPlace United States
PublicationPlace_xml – name: United States
– name: New York
PublicationTitle IEEE transactions on pattern analysis and machine intelligence
PublicationTitleAbbrev TPAMI
PublicationTitleAlternate IEEE Trans Pattern Anal Mach Intell
PublicationYear 2022
Publisher IEEE
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Publisher_xml – name: IEEE
– name: The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
References ref13
ref57
ref12
ref56
ref15
Goodfellow (ref2)
ref53
Ilyas (ref38); 80
ref52
ref11
Szegedy (ref22)
ref55
ref10
ref54
Cheng (ref6) 2019
ref17
ref19
Meunier (ref40) 2019
Miyato (ref28)
Hendrycks (ref59)
ref45
ref48
ref44
Zhang (ref30)
ref49
Zhou (ref47)
Guo (ref67)
Song (ref25)
ref9
ref4
Baluja (ref26) 2017
ref3
ref5
Springenberg (ref51)
Barbu (ref58)
Ilyas (ref7)
Du (ref41)
Lin (ref46)
Guo (ref8)
Lin (ref14)
ref35
Cohen (ref68)
ref34
ref31
Simonyan (ref50)
Tramèr (ref71)
Brendel (ref37) 2018
ref33
ref32
Papernot (ref36) early access, 2016
Ru (ref39)
ref1
Chollet (ref64) 2015
Simonyan (ref18)
Sinha (ref21)
Xie (ref70)
Wu (ref42)
ref24
ref23
ref69
ref20
Zhang (ref16)
ref63
ref66
Abadi (ref65) 2015
ref27
ref29
Vaswani (ref43)
ref60
ref62
ref61
References_xml – ident: ref33
  doi: 10.1109/CVPR.2019.00095
– volume-title: Proc. Int. Conf. Learn. Representations
  ident: ref42
  article-title: Skip connections matter: On the transferability of adversarial examples generated with resnets
– year: 2015
  ident: ref64
  article-title: Keras
– year: 2018
  ident: ref37
  article-title: Decision-based adversarial attacks: Reliable attacks against black-box machine learning models
– volume-title: Proc. 8th Int. Conf. Learn. Representations
  ident: ref41
  article-title: Query-efficient meta attack to deep neural networks
– volume-title: Proc. 3rd Int. Conf. Learn. Representations
  ident: ref47
  article-title: Object detectors emerge in deep scene CNNs
– ident: ref53
  doi: 10.1007/978-3-030-20893-6_8
– volume-title: Proc. 6th Int. Conf. Learn. Representations
  ident: ref67
  article-title: Countering adversarial images using input transformations
– ident: ref5
  doi: 10.1109/TPAMI.2019.2936378
– start-page: 7502
  volume-title: Proc. 36th Int. Conf. Mach. Learn.
  ident: ref16
  article-title: Interpreting adversarially trained convolutional neural networks
– volume-title: Proc. Int. Conf. Learn. Representations
  ident: ref2
  article-title: Explaining and harnessing adversarial examples
– volume-title: Proc. 5th Int. Conf. Learn. Representations
  ident: ref28
  article-title: Adversarial training methods for semi-supervised text classification
– ident: ref34
  doi: 10.1109/CVPR.2018.00894
– year: 2017
  ident: ref26
  article-title: Adversarial transformation networks: Learning to generate adversarial examples
– volume-title: Proc. Int. Conf. Learn. Representations
  ident: ref39
  article-title: Bayesopt adversarial attack
– ident: ref12
  doi: 10.1109/CVPR.2018.00957
– ident: ref27
  doi: 10.1109/ICCV.2019.00526
– ident: ref3
  doi: 10.1109/SP.2017.49
– ident: ref4
  doi: 10.48550/ARXIV.1706.06083
– volume-title: Proc. 2nd Int. Conf. Learn. Representations
  ident: ref46
  article-title: Network in network
– ident: ref49
  doi: 10.1038/nmeth.3547
– start-page: 227
  volume-title: Proc. Annu. Conf. Neural Inf. Process. Syst.
  ident: ref30
  article-title: You only propagate once: Painless adversarial training using maximal principle
– start-page: 3820
  volume-title: Proc. Advances Neural Inf. Process. Syst.
  ident: ref8
  article-title: Subspace attack: Exploiting promising subspaces for query-efficient black-box attacks
– volume-title: Proc. 6th Int. Conf. Learn. Representations
  ident: ref71
  article-title: Ensemble adversarial training: Attacks and defenses
– ident: ref62
  doi: 10.1109/CVPR.2017.195
– year: 2019
  ident: ref40
  article-title: Yet another but more efficient black-box adversarial attack: Tiling and evolution strategies
– volume-title: Proc. Int. Conf. Learn. Representations
  ident: ref59
  article-title: Benchmarking neural network robustness to common corruptions and perturbations
– ident: ref24
  doi: 10.1109/TEVC.2019.2890858
– start-page: 6000
  volume-title: Proc. Advances Neural Inf. Process. Syst.
  ident: ref43
  article-title: Attention is all you need
– ident: ref44
  doi: 10.1007/978-3-030-28954-6
– ident: ref20
  doi: 10.1109/CVPR.2017.241
– volume-title: Proc. 3rd Int. Conf. Learn. Representations
  ident: ref51
  article-title: Striving for simplicity: The all convolutional net
– ident: ref69
  doi: 10.1201/9781351251389-8
– ident: ref66
  doi: 10.1145/3128572.3140444
– ident: ref1
  doi: 10.1109/ACCESS.2018.2807385
– start-page: 8322
  volume-title: Proc. Advances Neural Inf. Process. Syst.
  ident: ref25
  article-title: Constructing unrestricted adversarial examples with generative models
– ident: ref54
  doi: 10.1109/ICCVW.2019.00513
– volume-title: Proc. 2nd Int. Conf. Learn. Representations
  ident: ref22
  article-title: Intriguing properties of neural networks
– ident: ref23
  doi: 10.1109/CVPR.2016.282
– volume-title: Proc. 3rd Int. Conf. Learn. Representations
  ident: ref18
  article-title: Very deep convolutional networks for large-scale image recognition
– ident: ref19
  doi: 10.5555/2946645.2946704
– volume-title: Proc. Int. Conf. Learn. Representations
  ident: ref21
  article-title: Certifiable distributional robustness with principled adversarial training
– volume-title: Proc. 7th Int. Conf. Learn. Representations
  ident: ref7
  article-title: Prior convictions: Black-box adversarial attacks with bandits and priors
– ident: ref15
  doi: 10.1007/978-3-030-01258-8_39
– ident: ref11
  doi: 10.1109/CVPR.2019.00444
– ident: ref52
  doi: 10.1371/journal.pone.0130140
– ident: ref55
  doi: 10.1109/CVPR.2016.90
– volume: 80
  start-page: 2137
  ident: ref38
  article-title: Black-box adversarial attacks with limited queries and information
– ident: ref17
  doi: 10.1109/CVPR.2009.5206848
– ident: ref45
  doi: 10.1109/CVPR.2016.319
– ident: ref10
  doi: 10.1109/CVPR.2017.17
– volume-title: Proc. 8th Int. Conf. Learn. Representations
  ident: ref14
  article-title: Nesterov accelerated gradient and scale invariance for adversarial attacks
– ident: ref35
  doi: 10.1109/TIP.2019.2940533
– ident: ref63
  doi: 10.1109/CVPR.2018.00907
– ident: ref9
  doi: 10.1145/3052973.3053009
– ident: ref48
  doi: 10.1007/978-3-319-10590-1_53
– volume-title: Proc. 2nd Int. Conf. Learn. Representations
  ident: ref50
  article-title: Deep inside convolutional networks: Visualising image classification models and saliency maps
– year: early access, 2016
  ident: ref36
  article-title: Transferability in machine learning: From phenomena to black-box attacks using adversarial samples
– ident: ref61
  doi: 10.1609/aaai.v31i1.11231
– year: 2019
  ident: ref6
  article-title: Improving black-box adversarial attacks with a transfer-based prior
– ident: ref56
  doi: 10.1109/CVPR.2017.243
– ident: ref31
  doi: 10.1109/CVPR.2018.00191
– ident: ref60
  doi: 10.1109/CVPR.2016.308
– ident: ref13
  doi: 10.1109/CVPR.2019.00284
– ident: ref32
  doi: 10.1109/CVPR.2019.00059
– start-page: 1310
  volume-title: Proc. 36th Int. Conf. Mach. Learn.
  ident: ref68
  article-title: Certified adversarial robustness via randomized smoothing
– year: 2015
  ident: ref65
  article-title: TensorFlow: Large-scale mchine learning on heterogeneous systems
– ident: ref29
  doi: 10.1609/aaai.v32i1.11688
– start-page: 9453
  volume-title: Proc. Advances Neural Inf. Process. Syst.
  ident: ref58
  article-title: Objectnet: A large-scale bias-controlled dataset for pushing the limits of object recognition models
– volume-title: Proc. 6th Int. Conf. Learn. Representations
  ident: ref70
  article-title: Mitigating adversarial effects through randomization
– ident: ref57
  doi: 10.1109/CVPR46437.2021.01501
SSID ssj0014503
Score 2.5721757
Snippet Adversarial attacks on deep neural networks (DNNs) have been found for several years. However, the existing adversarial attacks have high success rates only...
SourceID proquest
pubmed
crossref
ieee
SourceType Aggregation Database
Index Database
Enrichment Source
Publisher
StartPage 2188
SubjectTerms Adversarial attack
Algorithms
Artificial neural networks
Attention
Benchmarking
black-box attack
DAmageNet
Datasets
Error analysis
Heating systems
Neural networks
Neural Networks, Computer
Perturbation methods
Semantics
Training
transferability
Visualization
Title Universal Adversarial Attack on Attention and the Resulting Dataset DAmageNet
URI https://ieeexplore.ieee.org/document/9238430
https://www.ncbi.nlm.nih.gov/pubmed/33095710
https://www.proquest.com/docview/2635715867
https://www.proquest.com/docview/2454156642
Volume 44
WOSCitedRecordID wos000764815300038&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
journalDatabaseRights – providerCode: PRVIEE
  databaseName: IEEE Xplore
  customDbUrl:
  eissn: 2160-9292
  dateEnd: 99991231
  omitProxy: false
  ssIdentifier: ssj0014503
  issn: 0162-8828
  databaseCode: RIE
  dateStart: 19790101
  isFulltext: true
  titleUrlDefault: https://ieeexplore.ieee.org/
  providerName: IEEE
link http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1Lb9QwEB6VigMcKLRAA6UyEjcITfyMjytKBRJdVaigvUVOPK4QNIu6WX4_Y-ehHgCJ20ix8_DMeOaL5wHwqkJeas0xb9rQ5FLHfRBlyH0TjTUqFVKW69dPZrmsVit7sQNv5lwYREzBZ_g2kuks36_bbfxVdkLOSCUFAfQ7xpghV2s-MZAqdUEmD4Y0nGDElCBT2JPLi8X5R4KCnBBqIQS3sT0M4XirTEycvWWPUoOVv_uayeac7f3f2z6EB6NvyRaDMDyCHez2YW_q28BGNd6H-7eKEB7A-RibEWf6RESZZIu-d-13tu4iNcREMtd5Rg4j-4ybGIfYXbFT15MZ7Nnp4po2piX2j-HL2fvLdx_ysclC3gpV9nlbNM7LgEGXZVMV1hfaV04p7YwwjvwdSV_RCHIUiqALSaRznFauFcI6G4x4ArvdusNDYNw6gdb6VDI-OLTeN7R9YIlcBxtcBuW01HU7ViCPjTB-1AmJFLZOnKojp-qRUxm8nuf8HOpv_HP0QeTDPHJkQQZHE0frUUU3dazCY0pVaZPBy_kyKVc8MXEdrrc0RqoEcCXP4OkgCfO9JwF69udnPod7PGZKpCCfI9jtb7b4Au62v_pvm5tjkuBVdZwk-Dc5Vug2
linkProvider IEEE
linkToHtml http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1Lb9QwEB5VBQk4UGh5BAoYiRuEJn4lPq4oVSt2VxVaUG-RE48Rasmibpbfz9h5qAdA4jZS7Dw8M5754nkAvCmR51pzTOvG16nUYR9E6VNXB2ONSvmY5fp1XiyX5cWFOd-Bd1MuDCLG4DN8H8h4lu_WzTb8KjsiZ6SUggD6LSUlz_tsrenMQKrYB5l8GNJxAhJjikxmjlbns8UZgUFOGDUTgpvQIIaQvFFFSJ29YZFii5W_e5vR6pzs_d_7PoD7g3fJZr04PIQdbPdhb-zcwAZF3od7N8oQHsBiiM4IM10kglSyWdfZ5pKt20D1UZHMto6Ry8g-4yZEIrbf2LHtyBB27Hj2g7amJXaP4MvJx9WH03Ros5A2QuVd2mS1ddKj13lel5lxmXalVUrbQhSWPB5JX1ELchUyrzNJpLWcVq4RwljjC_EYdtt1i0-BcWMFGuNi0Xhv0ThX0waCOXLtjbcJ5ONSV81Qgzy0wriqIhbJTBU5VQVOVQOnEng7zfnZV-D45-iDwIdp5MCCBA5HjlaDkm6qUIenyFWpiwReT5dJvcKZiW1xvaUxUkWIK3kCT3pJmO49CtCzPz_zFdw5XS3m1fxs-ek53OUhbyKG_BzCbne9xRdwu_nVfd9cv4xy_Bv8e-qV
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Universal+Adversarial+Attack+on+Attention+and+the+Resulting+Dataset+DAmageNet&rft.jtitle=IEEE+transactions+on+pattern+analysis+and+machine+intelligence&rft.au=Chen%2C+Sizhe&rft.au=He%2C+Zhengbao&rft.au=Sun%2C+Chengjin&rft.au=Yang%2C+Jie&rft.date=2022-04-01&rft.issn=1939-3539&rft.eissn=1939-3539&rft.volume=44&rft.issue=4&rft.spage=2188&rft_id=info:doi/10.1109%2FTPAMI.2020.3033291&rft.externalDBID=NO_FULL_TEXT
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=0162-8828&client=summon
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=0162-8828&client=summon
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=0162-8828&client=summon