Abstract
In order to better solve the shortcomings of Deep Neural Networks (DNNs) susceptible to adversarial examples, evaluating existing neural network classification performance and increasing training sets to improve the robustness of classification models require more effective methods of the adversarial examples generation. Under the black-box condition, less information about parameters of the classification model, limited query times, and less feedback information available, it is difficult to generate adversarial examples against the black-box model. In order to further improve the efficiency of the adversarial images generation, we propose two different variants of Partial Swarm Optimization algorithm (vPSO) base on the traditional Partial Swarm Optimization for the targeted and non-targeted attack under conditions of the completely black-box. Compared with the existing of the state-of-the-art generation algorithm, the vPSO effectively reduce the number of queries to the black-box classifier and the dependence on the feedback information. The success rate of the targeted attack is up to 96.0% and the average number of queries for the black-box model is greatly reduced. Furthermore, we propose an efficient target image screening method in targeted attacks, as well as the concept of easy-to-attack and hard-to-attack images in non-targeted attacks, and give corresponding distinctions.
Highlights
With the acceleration of the development of 5G mobile communication networks and the increase of cloud service platforms [1]–[3], users and devices have experienced remarkable growth in network access
In this paper, based on the traditional PSO algorithm, we successfully improved this algorithm into the field of image classification, and successfully generated the adversarial example
Another vice is that our method generate only one adversarial example at a time and it can not generate the adversarial examples by batch
Summary
With the acceleration of the development of 5G mobile communication networks and the increase of cloud service platforms [1]–[3], users and devices have experienced remarkable growth in network access. To mimic the real black-box attack scenario, they minimize the dependence to the information output by calling the attacked model, and just utilize the top − k classification labels and the confidence scores which are returned by the classifier Their mothed is called gradient estimation which could achieve in far fewer queries than typical finite-differences methods. Our contributions of this paper are as follows: 1) We design and propose two variants of PSO algorithm (vPSO) as approaches for generating black-box adversarial examples and it is more efficient in targeted and non-targeted attack under the condition of blackbox. 2) The experiments demonstrate our algorithm achieves the following results: -For targeted attack: The target image with higher confidence classified by the black-box classification model has fewer black-box model queries required to generate the adversarial examples successfully. We summarize the important conclusions of our vPSO algorithm for classification model attacks
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
