Adversarial Transformation Network with Adaptive Perturbations for Generating Adversarial Examples

Deep neural networks are susceptible to adversarial examples which can mislead or even manipulate the predictive behaviour of deep neural networks. This raises concerns about the safety of deep learning. In this paper, to ensure rapid generation of adversarial examples, we propose an adversarial transformation network with adaptive perturbations by using the framework of a generative adversarial network. For the adversarial training phase, the direction of the adversarial perturbation is adaptively adjusted to generate more adversarial examples with transferability. Besides, the perceptual constraint based on game theory, the pixel-level constraint based on mixed norms, and the target constraint based on the C$W method are introduced to guide the optimisation of the generator. Experiments conducted on MNIST, CIFAR-10, and ImageNet show the proposed algorithm can generate adversarial examples with stronger attack abilities in a shorter time. And the proposed algorithm can generate more transferable adversarial examples when attacking models with similar structures.