Abstract
Adversarial sample generation problem is a hot issue in the security field of deep learning. Evolutionary algorithm has been widely used to solve this problem in recent years because of its good global search ability. However, existing methods still suffer from the “curse of dimensionality” when attacking high-resolution images. In this paper, a two-stage frequency domain generation algorithm of black-box adversarial samples based on differential evolution is proposed. In the first stage, a representative image-guided differential evolution method is proposed to quickly generate a universal adversarial perturbation with a high attack success rate in the frequency-domain. In the second stage, a space reduction strategy based on frequency-domain pixel blocks is designed to reduce the search space and alleviate the problem of “curse of dimensionality”. In addition, a new space–frequency interaction sensitivity measure is introduced to evaluate the similarity between the adversarial samples and the original images. The adversarial perturbations obtained by the measure are more in line with the subjective perception of the human eye. Finally, compared with several typical black-box adversarial sample generation algorithms, experimental results show that the proposed algorithm can achieve higher attack success rate with less prediction times.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
