Geometry-Inspired Top-K Adversarial Perturbations

The brittleness of deep image classifiers to small adver-sarial input perturbations has been extensively studied inthe last several years. However, the main objective of ex-isting perturbations is primarily limited to change the cor-rectly predicted Top-1class by an incorrect one, which doesnot intend to change the Top-kprediction. In many digi-tal real-world scenarios Top-kprediction is more relevant.In this work, we propose a fast and accurate method ofcomputing Top-kadversarial examples as a simple multi-objective optimization. We demonstrate its efficacy andperformance by comparing it to other adversarial examplecrafting techniques. Moreover, based on this method, wepropose Top-kUniversal Adversarial Perturbations, image-agnostic tiny perturbations that cause the true class to beabsent among the Top-kprediction for the majority of nat-ural images. We experimentally show that our approachoutperforms baseline methods and even improves existingtechniques of finding Universal Adversarial Perturbations.