Generating adversarial examples with collaborative generative models

Deep learning has made remarkable progress, and deep learning models have been successfully deployed in many practical applications. However, recent studies indicate that deep learning models are vulnerable to adversarial examples generated by adding an imperceptible perturbation. The study of adversarial attacks and defense has attracted substantial interest from researchers due to its high application value. In this paper, a method named AdvAE-GAN is proposed for generating adversarial examples. The proposed method combines (1) explicit perturbation generated by adversarial autoencoder and (2) implicit perturbation generated by generative adversarial network. A more suitable similarity measurement criteria is incorporated into the model to ensure that the generated examples are imperceptible. The proposed model not only is suitable for white-box attacks, but also can be adapted to black-box attacks. Extensive experiments and comparisons with six state-of-the-art methods (FGSM, SDM-FGSM, PGD, MIM, AdvGAN, and AdvGAN++) demonstrate that the adversarial examples generated by AdvAE-GAN result in high attack success rate with good transferability and are more realistic-looking and natural. Our code is available at https://github.com/xzforeverlove/Generating-Adversarial-Examples.