Geometry-Inspired Top-k Adversarial Perturbations

Deep learning models are vulnerable to adversarial examples, which endangers their usage in real-world applications. The main target of existing adversarial perturbations is primarily limited to change the correct Top-1 predicted class by the incorrect one, which does not intend changing the Top-$k$ prediction. However, in many real-world scenarios, especially dealing with digital images, Top-$k$ predictions are more important. In this work, we propose a simple yet effective geometry-inspired method of computing Top-$k$ adversarial examples for any $k$. We evaluate its effectiveness and efficiency by comparing it with other adversarial example crafting techniques. Moreover, based on this method, we propose Top-$k$ Universal Adversarial Perturbations, image-agnostic tiny perturbations that cause true class to be absent among the Top-$k$ prediction for most inputs in the dataset. We experimentally show that our approach outperforms baseline methods and even improves existing techniques of generating Universal Adversarial Perturbations.