Loading…
Sample Based Fast Adversarial Attack Method
Deep neural network (DNN) brings the rapid development of pattern recognition algorithms. However, a large number of experiments show that there are some vulnerabilities in DNNs. Though many adversarial samples generating algorithms has been proposed, most of them based on some known information of...
Saved in:
Published in: | Neural processing letters 2019-12, Vol.50 (3), p.2731-2744 |
---|---|
Main Authors: | , , |
Format: | Article |
Language: | English |
Subjects: | |
Citations: | Items that this one cites Items that cite this one |
Online Access: | Get full text |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Summary: | Deep neural network (DNN) brings the rapid development of pattern recognition algorithms. However, a large number of experiments show that there are some vulnerabilities in DNNs. Though many adversarial samples generating algorithms has been proposed, most of them based on some known information of attacked model. We proposed a new fast black-box adversarial attack algorithm purely based on data samples. First, we find the key difference between different classes based on principle component analysis and calculate the difference vector. During attacking, we just drive a sample to the target class (for target adversarial) or the nearest other class (for misclassification adversarial). The minimum modification to create an target adversarial sample is obtained by bi-section line search along the difference vector from current class to target class. For misclassification adversarial attack, the minimum modification among all other classes is given. Experimental results show that the proposed algorithm generating comparable adversarial samples much fast then classical attack algorithms. |
---|---|
ISSN: | 1370-4621 1573-773X |
DOI: | 10.1007/s11063-019-10058-0 |