pith. sign in

arxiv: 1809.08758 · v2 · pith:K2LL7MRRnew · submitted 2018-09-24 · 💻 cs.CV

Low Frequency Adversarial Perturbation

Chuan Guo , Jared S. Frank , Kilian Q. Weinberger This is my paper
classification 💻 cs.CV
keywords adversarialmodelblack-boxfrequencyimageimagesquerysearch
0
0 comments X
read the original abstract

Adversarial images aim to change a target model's decision by minimally perturbing a target image. In the black-box setting, the absence of gradient information often renders this search problem costly in terms of query complexity. In this paper we propose to restrict the search for adversarial images to a low frequency domain. This approach is readily compatible with many existing black-box attack frameworks and consistently reduces their query cost by 2 to 4 times. Further, we can circumvent image transformation defenses even when both the model and the defense strategy are unknown. Finally, we demonstrate the efficacy of this technique by fooling the Google Cloud Vision platform with an unprecedented low number of model queries.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Frequency-Aware Model Parameter Explorer: A new attribution method for improving explainability

    cs.LG 2025-09 unverdicted novelty 5.0

    FAMPE is a new attribution method that applies FFT-based frequency-selective perturbations integrated with model parameter exploration to produce fine-grained feature importance maps, showing gains over AttEXplore on ...