Crafting adversarial example with adaptive root mean square gradient on deep neural networks

Abstract

Deep Neural Networks have achieved remarkable success in computer vision, natural language, and audio tasks. It shows excellent ability in dealing with specific tasks with surpassing efficiency and accuracy. However, researches indicated that deep neural models are extremely vulnerable to crafted adversarial perturbation. In image classification domain, crafted images with adversarial perturbation can fool deep neural models into misclassifying. Specific researches revealed that adversarial examples crafted by attack methods show substantial pixel modification strength, which causes lower similarity between the clean and corresponding sample and makes the change in crafted samples visible. To address the issues mentioned above, we propose an adversarial attack method, which generates adversarial perturbation based on adaptive root mean square gradient strategy. In our proposed approach, we formulate adversarial perturbation based on an adaptive gradient at root mean square level during crafting adversarial sample. Due to the adaptive strategy, the proposed method searches the decision boundary between the original and the adversarial classes in latent space directly by searching the extremum of loss. It helps to generate adversarial samples with higher image quality and better transferability on fooling multiple deep neural models. We evaluate several state-of-the-art attack methods with proposed methods. Experimental results show that our approaches outperform modern techniques in crafting adversarial sample with slight pixel modification, and excellent efficiency in fooling classifiers in both no-targeted and targeted attack strategies.