Learning to Attack: Adversarial Transformation Networks


The generation of adversarial networks to attack a deep neural network by either directly computing gradients with respect to the image pixels or directly solving an optimization on the image pixels is a well studied problem. This fascinating Google paper explores the question whether a separate network can be trained to efficiently attack another fully trained network and demonstrate that it is indeed possible, and that the generated attacks yield startling insights into the weaknesses of the target network.


Want to receive more content like this in your inbox?