This work was presented and published (as a preprint) at the 2025 ACM SIGKDD International Conference on Knowledge Discovery and Data Mining — UMC Track (KDD-UMC 2025). The paper is available in the KDD online repository. If you reference this work in any context, please use the following citation:
@Misc{Areia2025,
author="Areia, Jos{\'e} and Santos, Leonel and Costa, Rog{\'e}rio Lu{\'i}s de C.",
title="Balancing Image Quality and Attack Effectiveness in Multi-Objective Adversarial Image Generation",
year="2025",
url="https://kdd2025.kdd.org/wp-content/uploads/2025/07/CameraReady-27.pdf",
annote = "Preprint presented at the 2025 ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, UMC Track (KDD-UMC 2025)."
}
Adversarial attacks present a serious challenge to deep neural networks (DNNs) in computer vision, introducing imperceptible perturbations that can mislead even state-of-the-art models. This project introduces a multi-objective generative adversarial network (GAN), augmented with an encoder, designed to generate adversarial images that balance attack effectiveness and visual quality.
Our approach was trained on data produced by four different adversarial attacks at varying perturbation levels and tested across five diverse DNN architectures. Evaluation metrics include not only fooling rate (FR) but also Fréchet Inception Distance (FID) and Learned Perceptual Image Patch Similarity (LPIPS) to assess image quality.
The model achieved a fooling rate of up to 89.63% while maintaining high perceptual quality, with LPIPS as low as 0.23 and FID scores down to 25, demonstrating a strong trade-off between deception and image fidelity.
multiobjective-adversarial-gan/
│
├── 🎨 Assets/ # Logos and visual assets
├── ⚔️ Attacks/ # Implementations of adversarial attacks
├── 🧠 SuperstarGAN/ # Source code for SuperstarGAN and Encoder
├── 📓 Notebooks/ # Jupyter notebooks with pre-trained models
├── 🧪 Testing/ # Scripts for testing and evaluation
├── 🙈 .gitignore # Git ignore rules
├── 📦 requirements.txt # Project dependencies
├── 🛠️ run_attacks.sh # Script to generate perturbations via attacks
├── 🛠️ run_encoder.sh # Script to train the encoder
├── 🛠️ run_superstargan.sh # Script to train SuperstarGAN
├── 🛠️ run_testing.sh # Script to test and evaluate generated images
├── 📜 README.md # This documentation file
To reproduce or extend this work, follow the steps below:
Run:
run_attacks.sh
This script applies predefined adversarial attacks and generates the perturbed dataset. Alternatively, you may use your own attack code or pre-generated perturbations.
Train the GAN using the perturbed dataset:
run_superstargan.sh
Want to tweak settings? You can modify the script to change the model, attack type, number of epochs, or delta values.
Once SuperstarGAN is trained, run:
run_encoder.sh
Ensure the script is pointing to the best GAN checkpoint.
To test and evaluate the adversarial examples:
run_testing.sh
The output will include fooling rates and quality metrics, saved in a structured JSON format for further analysis.
- Fooling Rate (FR) – Measures the success rate of adversarial images in misleading target DNNs.
- Fréchet Inception Distance (FID) – Quantifies the visual quality of generated images.
- Learned Perceptual Image Patch Similarity (LPIPS) – Evaluates perceptual similarity between images.
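As an added example (not code from this repository), one way to compute the fooling rate per target model when assessing how robust a classifier is. It assumes FR is counted only over images the model classified correctly before perturbation; that definition, the report layout, the model names and the sample data are assumptions constructed for illustration, not taken from the project.

```python
import json

def fooling_rate(labels, clean_preds, adv_preds):
    """FR over images the model got right before perturbation (assumed definition).

    Returns None when no clean image was classified correctly, because the
    rate is then undefined rather than zero.
    """
    if not len(labels) == len(clean_preds) == len(adv_preds):
        raise ValueError("labels and predictions must have equal length")
    eligible = fooled = 0
    for y, clean, adv in zip(labels, clean_preds, adv_preds):
        if clean != y:
            continue  # already wrong on the clean image: not caused by the perturbation
        eligible += 1
        fooled += adv != y
    return fooled / eligible if eligible else None

def robustness_report(labels, predictions):
    """predictions maps model name -> {"clean": [...], "adv": [...]} (assumed layout)."""
    if not labels:
        raise ValueError("empty evaluation set")
    n = len(labels)
    report = {}
    for name, preds in predictions.items():
        report[name] = {
            "clean_accuracy": sum(c == y for c, y in zip(preds["clean"], labels)) / n,
            # Raw error on adversarial inputs; mixes real fooling with baseline mistakes.
            "adv_error_rate": sum(a != y for a, y in zip(preds["adv"], labels)) / n,
            "fooling_rate": fooling_rate(labels, preds["clean"], preds["adv"]),
        }
    return report

# Constructed sample data: 8 images, 3 classes, two hypothetical target models.
LABELS = [0, 1, 2, 1, 0, 2, 1, 0]
PREDICTIONS = {
    "model_a": {"clean": [0, 1, 2, 1, 0, 2, 1, 0], "adv": [0, 2, 2, 0, 0, 1, 1, 2]},
    "model_b": {"clean": [0, 1, 1, 1, 2, 2, 1, 0], "adv": [1, 1, 1, 0, 2, 2, 1, 0]},
}

if __name__ == "__main__":
    print(json.dumps(robustness_report(LABELS, PREDICTIONS), indent=2))
```

For `model_b` the raw adversarial error is 0.5, but two of those images were already misclassified on clean input, so the fooling rate attributable to the perturbation is 2 of 6.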
This work is funded by Fundação para a Ciência e a Tecnologia through project UIDB/04524/2020.
