Improving Diversity and Quality of Adversarial Examples in Adversarial Transformation Network

Abstract This paper proposes a method to mitigate two major issues of Adversarial Transformation Networks (ATN) including the low diversity and the low quality of adversarial examples. In order to deal with the first issue, this research proposes a stacked convolutional autoencoder based on pattern to generalize ATN. This proposed autoencoder could support different patterns such as all-feature pattern , border feature pattern , and class model map pattern . In order to deal with the second issue, this paper presents an algorithm to improve the quality of adversarial examples in terms of L 0 -norm and L 2 -norm. This algorithm employs an adversarial feature ranking heuristics such as JSMA and COI to prioritize adversarial features. To demonstrate the advantages of the proposed method, comprehensive experiments have been conducted on the MNIST dataset and the CIFAR-10 dataset. For the first issue, the proposed autoencoder can generate diverse adversarial examples with the average success rate above 99%. For the second issue, the proposed algorithm could not only improve the quality of adversarial examples significantly but also maintain the average success rate. In terms of L 0 -norm, the proposed algorithm could decrease from hundreds of adversarial features to one adversarial feature. In terms of L 2 -norm, the proposed algorithm could reduce the average distance considerably. These results show that the proposed method is capable of generating high-quality and diverse adversarial examples in practice.