Concept-based Adversarial Attack: a Probabilistic Perspective

Researchers propose a new concept-based adversarial attack framework that targets entire concept distributions rather than single images, generating diverse adversarial examples while preserving the original concept identity. The method creates adversarial images with variations in pose, viewpoint, or background that can still mislead classifiers while remaining recognizable as instances of the original category.