Efficient Untargeted White-Box Adversarial Attacks Based on Simple Initialization
作者机构:School of Computer Science and Technology Xidian University
出 版 物:《Chinese Journal of Electronics》 (电子学报(英文))
年 卷 期:2024年第33卷第4期
页 面:979-988页
核心收录:
学科分类:12[管理学] 1201[管理学-管理科学与工程(可授管理学、工学学位)] 0808[工学-电气工程] 08[工学] 081104[工学-模式识别与智能系统] 080203[工学-机械设计及理论] 0802[工学-机械工程] 0835[工学-软件工程] 0811[工学-控制科学与工程] 0812[工学-计算机科学与技术(可授工学、理学学位)]
基 金:supported by the National Natural Science Foundation of China (Grant No. 61972306) Song Shan Laboratory (Grant No. YYJC012022005) Zhejiang Laboratory (Grant No. 2021KD0AB03)
主 题:Deep learning Additives Perturbation methods Noise Mean square error methods Robustness Glass box
摘 要:Adversarial examples(AEs) are an additive amalgamation of clean examples and artificially malicious perturbations. Attackers often leverage random noise and multiple random restarts to initialize perturbation starting points, thereby increasing the diversity of AEs. Given the non-convex nature of the loss function, employing randomness to augment the attack s success rate may lead to considerable computational overhead. To overcome this challenge,we introduce the one-hot mean square error loss to guide the initialization. This loss is combined with the strongest first-order attack, the projected gradient descent, alongside a dynamic attack step size adjustment strategy to form a comprehensive attack process. Through experimental validation, we demonstrate that our method outperforms baseline attacks in constrained attack budget scenarios and regular experimental settings. This establishes it as a reliable measure for assessing the robustness of deep learning models. We explore the broader application of this initialization strategy in enhancing the defense impact of few-shot classification models. We aspire to provide valuable insights for the community in designing attack and defense mechanisms.
同方期刊数据库