An adaptive black box attack algorithm based on improved differential evolution

Abstract

As an important part of artificial intelligence technology, deep learning is widely used in various fields of contemporary society. The security of deep learning directly affects the effectiveness of its application in different fields. Effective attack algorithms can evaluate the security of deep learning models, and black box attacks are one of the important methods for testing the security of deep learning algorithms. An adaptive black box attack algorithm based on improved differential evolution is proposed to solve the problems of many queries, difficult selection of attack points that may cause higher attack costs in applications. The algorithm sets the variation factor as a linear decreasing function, uses the fitness function to adaptively control the change of the cross probability factor to improve the global search ability and accelerate the convergence rate, proposes a new variation strategy to enhance the ability of global search and local exploitation and the accuracy of searching attack points, and optimizes the loss function and the calculation method of gradient for defining decisions in deep learning models to improve the effectiveness and efficiency of black box attacks. The results of the comparison experiments show that the attack success rate is effectively improved and the average time and the average number of queries are reduced with the same attack success rate.