IWA: Integrated Gradient based White-box Attacks for Fooling Deep Neural
Networks
- URL: http://arxiv.org/abs/2102.02128v1
- Date: Wed, 3 Feb 2021 16:10:42 GMT
- Title: IWA: Integrated Gradient based White-box Attacks for Fooling Deep Neural
Networks
- Authors: Yixiang Wang, Jiqiang Liu, Xiaolin Chang, Jelena Mišić, and
Vojislav B. Mišić
- Abstract summary: We propose two integrated gradient based White-box Adversarial example generation algorithms (IWA): IFPA and IUA.
We verify the effectiveness of the proposed algorithms on both structured and unstructured datasets, and we compare them with five baseline generation algorithms.
- Score: 4.739554342067529
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The widespread application of deep neural network (DNN) techniques is being
challenged by adversarial examples: legitimate inputs with added
imperceptible and well-designed perturbations that can easily fool DNNs in the
DNN testing/deploying stage. Previous adversarial example generation algorithms
for adversarial white-box attacks used Jacobian gradient information to add
perturbations. This information is too imprecise and inexplicit, which will
cause unnecessary perturbations when generating adversarial examples. This
paper aims to address this issue. First, we propose to apply more informative
and distilled gradient information, namely the integrated gradient, to generate
adversarial examples. Second, to make the perturbations more imperceptible, we
propose to employ a combined restriction of $L_0$ and $L_1/L_2$,
which can restrict the total perturbations and perturbation points
simultaneously. Third, to address the non-differentiable problem of $L_1$,
we explore a proximal operation of $L_1$. Based on these three works,
we propose two Integrated gradient based White-box Adversarial example
generation algorithms (IWA): IFPA and IUA. IFPA is suitable for situations
where there are a determined number of points to be perturbed. IUA is suitable
for situations where no perturbation point number is preset in order to obtain
more adversarial examples. We verify the effectiveness of the proposed
algorithms on both structured and unstructured datasets, and we compare them
with five baseline generation algorithms. The results show that our proposed
algorithms do craft adversarial examples with more imperceptible perturbations
and satisfactory crafting rate. The $L_2$ restriction is more suitable for
unstructured datasets and the $L_1$ restriction performs better on structured
datasets.
Related papers
- Rethinking PGD Attack: Is Sign Function Necessary? [131.6894310945647]
We present a theoretical analysis of how such sign-based update algorithm influences step-wise attack performance.
We propose a new raw gradient descent (RGD) algorithm that eliminates the use of sign.
The effectiveness of the proposed RGD algorithm has been demonstrated extensively in experiments.
arXiv Detail & Related papers (2023-12-03T02:26:58Z)
- Asynchronous Training Schemes in Distributed Learning with Time Delay [17.259708772713164]
In the context of distributed deep learning, the issue of stale weights or gradients could result in poor algorithmic performance.
In this paper, we propose a different approach to tackle the issue of stale weights or gradients.
One practical variant of PC-ASGD is also proposed by adopting a condition to help with the determination of the tradeoff parameter.
arXiv Detail & Related papers (2022-08-28T07:14:59Z)
- Discriminator-Free Generative Adversarial Attack [87.71852388383242]
Generative-based adversarial attacks can get rid of this limitation.
A Symmetric Saliency-based Auto-Encoder (SSAE) generates the perturbations.
The adversarial examples generated by SSAE not only make the widely-used models collapse, but also achieve good visual quality.
arXiv Detail & Related papers (2021-07-20T01:55:21Z)
- Sparse and Imperceptible Adversarial Attack via a Homotopy Algorithm [93.80082636284922]
Sparse adversarial attacks can fool deep networks (DNNs) by only perturbing a few pixels.
Recent efforts combine it with another $l_\infty$ perturbation on magnitudes.
We propose a homotopy algorithm to tackle the sparsity and neural perturbation framework.
arXiv Detail & Related papers (2021-06-10T20:11:36Z)
- An Empirical Study of Derivative-Free-Optimization Algorithms for Targeted Black-Box Attacks in Deep Neural Networks [8.368543987898732]
This paper considers four pre-existing state-of-the-art DFO-based algorithms along with the introduction of a new algorithm built on BOBYQA.
We compare these algorithms in a variety of settings according to the fraction of images that they successfully misclassify.
Experiments disclose how the likelihood of finding an adversarial example depends on both the algorithm used and the setting of the attack.
arXiv Detail & Related papers (2020-12-03T13:32:20Z)
- Boosting Gradient for White-Box Adversarial Attacks [60.422511092730026]
We propose a universal adversarial example generation method, called ADV-ReLU, to enhance the performance of gradient based white-box attack algorithms.
Our approach calculates the gradient of the loss function versus network input, maps the values to scores, and selects a part of them to update the misleading gradients.
arXiv Detail & Related papers (2020-10-21T02:13:26Z)
- A black-box adversarial attack for poisoning clustering [78.19784577498031]
We propose a black-box adversarial attack for crafting adversarial samples to test the robustness of clustering algorithms.
We show that our attacks are transferable even against supervised algorithms such as SVMs, random forests, and neural networks.
arXiv Detail & Related papers (2020-09-09T18:19:31Z)
- GeoDA: a geometric framework for black-box adversarial attacks [79.52980486689287]
We propose a framework to generate adversarial examples in one of the most challenging black-box settings.
Our framework is based on the observation that the decision boundary of deep networks usually has a small mean curvature in the vicinity of data samples.
arXiv Detail & Related papers (2020-03-13T20:03:01Z)