Perceptual evaluation of adversarial attacks for CNN-based image classification

Deep neural networks (DNNs) have recently achieved state-of-the-art performance and provide significant progress in many machine learning tasks, such as image classification, speech processing, natural language processing, etc. However, recent studies have shown that DNNs are vulnerable to adversarial attacks. For instance, in the image classification domain, adding small imperceptible perturbations to the input image is sufficient to fool the DNN and to cause misclassification. The perturbed image, called adversarial example, should be visually as close as possible to the original image. However, all the works proposed in the literature for generating adversarial examples have used the L _p norms (L ₀ , L ₂ and L _∞ ) as distance metrics to quantify the similarity between the original image and the adversarial example. Nonetheless, the L _p norms do not correlate with human judgment, making them not â€¦