Abstract

Due to the inherent vulnerability of Deep Neural Networks (DNNs), the Adversarial Example (AE) attack has become a serious threat to intelligent systems, e.g., by causing an image classification system to fail. Unlike existing works, in this paper we are interested in the generation of AEs for DNNs with defensive mechanisms. To make the attack more practical, we exploit a query-based method to generate image AEs in a black-box attack setting. Considering that the generation of AEs is inherently a constrained optimization problem, this paper first formulates three objectives regarding defensive DNNs, i.e., attack effectiveness, attack evasiveness and attack coverage. Then, this paper proposes a query-efficient AE attack based on Genetic Algorithm (GA) and Particle Swarm Optimization (PSO) to address the perturbation optimization problem. To improve the efficiency of search and query, AE-specific operators including block-level and pixel-level crossovers, discrete perturbation mutation and direction-driven reproduction are designed within the GA-based search framework. In addition, prediction-based adaptation of reproduction-related parameters is implemented to speed up the search convergence. A PSO-based jumping process is further devised to avoid getting stuck in local optima. Benchmark-based experiments evaluated the efficiency of our method, which can achieve an attack success rate of 100% with an average of 52.95% fewer queries than existing black-box attacks on non-defensive models. For defensive DNN models, our method can obtain top attack performance with a query reduction of up to 70.92% compared with the candidates.
