Fast-UAP: An Algorithm for Expediting Universal Adversarial Perturbation Generation Using the Orientations of Perturbation Vectors

Abstract Convolutional neural networks (CNNs), which are popular machine-learning tools, are being applied in various tasks. However, CNN models are vulnerable to universal perturbations, which despite being usually quasi-imperceptible to the human eye can cause natural images to be misclassified with high probability. The original algorithm of generating universal perturbations (the algorithm is called UAP for brevity) only aggregates minimal perturbations in each iteration without considering the orientations of perturbation vectors; consequently, the magnitude of the universal perturbation cannot efficiently increase at each iteration, thereby resulting in slow universal perturbation generation. Hence, we propose an optimized algorithm to enhance the performance of generating universal perturbations based on the orientations of perturbation vectors. At each iteration, rather than choosing the minimal perturbation vector, we choose the perturbation whose orientation is similar to that of the current universal perturbation; therefore, the magnitude of the aggregation of both the perturbations will be maximized. The experimental results show that compared with UAP, we could generate universal perturbations in a shorter time using a smaller number of training images. Furthermore, we empirically observed that compared with the universal perturbations generated using UAP, the ones generated using our proposed algorithm achieved an average fooling-rate increment of 9 % in white-box and black-box attacks.