An Evasion Attack against Stacked Capsule Autoencoder

Capsule networks are a type of neural network that use the spatial relationship between features to classify images. By capturing poses and relative positions features, this is better able recognize affine transformation surpass traditional convolutional (CNNs) when handling translation, rotation, scaling. The stacked capsule autoencoder (SCAE) state-of-the-art encodes an image in capsules which each contain their correlations. encoded contents then input into downstream classifier predict categories. Existing research has mainly focused on security with dynamic routing or expectation maximization (EM) routing, while little attention been given robustness SCAEs. In paper, we propose evasion attack against After perturbation generated based output object model, it added reduce contribution related original category so perturbed will be misclassified. We evaluate using classification experiment Mixed National Institute Standards Technology Database (MNIST), Fashion-MNIST, German Traffic Sign Recognition Benchmark (GTSRB) datasets, average success rate can reach 98.6%. experimental results indicate achieve high rates stealthiness. This finding confirms SCAE vulnerability allows for generation adversarial samples. Our work seeks highlight threat focus SCAE’s security.