arXiv:1712.02950 Abstract | arXiv Analytics

arXiv:1712.02950 [cs.CV]Abstract References Reviews Resources

CycleGAN: a Master of Steganography

Casey Chu, Andrey Zhmoginov, Mark Sandler

Published 2017-12-08Version 1

CycleGAN is one of the latest successful approaches to learn a correspondence between two image distributions. In a series of experiments, we demonstrate an intriguing property of the model: CycleGAN learns to "hide" information about a source image inside the generated image in nearly imperceptible, high-frequency noise. This trick ensures that the complementary generator can recover the original sample and thus satisfy the cyclic consistency requirement, but the generated image remains realistic. We connect this phenomenon with adversarial attacks by viewing CycleGAN's training procedure as training a generator of adversarial examples, thereby showing that adversarial attacks are not limited to classifiers but also may target generative models.

Comments: NIPS 2017, workshop on Machine Deception

Categories: cs.CV, cs.LG, stat.ML

Keywords: adversarial attacks, steganography, generated image remains realistic, source image inside, cyclic consistency requirement

Related articles: Most relevant | Search more

arXiv:1806.04646 [cs.CV] (Published 2018-06-12)

Adversarial Attacks on Variational Autoencoders

George Gondim-Ribeiro, Pedro Tabacof, Eduardo Valle

arXiv:2002.11881 [cs.CV] (Published 2020-02-27)

Defense-PointNet: Protecting PointNet Against Adversarial Attacks

Yu Zhang, Gongbo Liang, Tawfiq Salem, Nathan Jacobs

arXiv:2007.08716 [cs.CV] (Published 2020-07-17)

Understanding and Diagnosing Vulnerability under Adversarial Attacks