Generating Adversarial Attacks in the Latent Space
Nitish Shukla, Sudipta Banerjee
Unverified — Be the first to reproduce this paper.
ReproduceAbstract
Adversarial attacks in the input (pixel) space typically incorporate noise margins such as L_1 or L_-norm to produce imperceptibly perturbed data that confound deep learning networks. Such noise margins confine the magnitude of permissible noise. In this work, we propose injecting adversarial perturbations in the latent (feature) space using a generative adversarial network, removing the need for margin-based priors. Experiments on MNIST, CIFAR10, Fashion-MNIST, CIFAR100 and Stanford Dogs datasets support the effectiveness of the proposed method in generating adversarial attacks in the latent space while ensuring a high degree of visual realism with respect to pixel-based adversarial attack methods.