Using FGSM Targeted Attack to Improve the Transferability of Adversarial Example

Abstract

At present, many people pay attention to the safety problems of artificial intelligence, and the emergence of adversarial examples is one of these problems. The adversarial examples can be used to attack a neural network classification model to make its classification wrong. It is an important method to improve the attack effect of adversarial examples by improving the transferability of adversarial examples and enabling them to attack multiple different neural network classification models at the same time. When we use FGSM algorithm to attack a model, first, we set ∊ a medium magnitude value, and then use targeted attack, which can improve the transferability of the adversarial examples generated by this algorithm. We can use FGSM algorithm to carry out white-box attack on the neural network model. The first step is to set a fixed value. Then, because FGSM algorithm is non-targeted attack, when adding a termination condition of iterative attack, we can use FGSM algorithm to carry out targeted attack, so that the generated adversarial examples can be identified as specific tags by the neural network model. We found that the transferability of the adversarial examples generated in this way is improved and these adversarial examples can attack many different neural network models.