Abstract
At present, many people pay attention to the safety problems of artificial intelligence, and the emergence of adversarial examples is one of these problems. The adversarial examples can be used to attack a neural network classification model to make its classification wrong. It is an important method to improve the attack effect of adversarial examples by improving the transferability of adversarial examples and enabling them to attack multiple different neural network classification models at the same time. When we use FGSM algorithm to attack a model, first, we set ∊ a medium magnitude value, and then use targeted attack, which can improve the transferability of the adversarial examples generated by this algorithm. We can use FGSM algorithm to carry out white-box attack on the neural network model. The first step is to set a fixed value. Then, because FGSM algorithm is non-targeted attack, when adding a termination condition of iterative attack, we can use FGSM algorithm to carry out targeted attack, so that the generated adversarial examples can be identified as specific tags by the neural network model. We found that the transferability of the adversarial examples generated in this way is improved and these adversarial examples can attack many different neural network models.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
