{"title":"Adversarial attack method based on enhanced spatial momentum","authors":"Jun Hu, Guanghao Wei, Shuyin Xia, Guoyin Wang","doi":"10.1007/s13042-024-02290-5","DOIUrl":null,"url":null,"abstract":"<p>Deep neural networks have been widely applied in many fields, but it is found that they are vulnerable to adversarial examples, which can mislead the DNN-based models with imperceptible perturbations. Many adversarial attack methods can achieve great success rates when attacking white-box models, but they usually exhibit poor transferability when attacking black-box models. Momentum iterative gradient-based methods can effectively improve the transferability of adversarial examples. Still, the momentum update mechanism of existing methods may lead to a problem of unstable gradient update direction and result in poor local optima. In this paper, we propose an enhanced spatial momentum iterative gradient-based adversarial attack method. Specifically, we introduce the spatial domain momentum accumulation mechanism. Instead of only accumulating the gradients of data points on the optimization path in the gradient update process, we additionally accumulate the average gradients of multiple sampling points within the neighborhood of data points. This mechanism fully utilizes the contextual gradient information of different regions within the image to smooth the accumulated gradients and find a more stable gradient update direction, thus escaping from poor local optima. Empirical results on the standard ImageNet dataset demonstrate that our method can significantly improve the attack success rate of momentum iterative gradient-based methods and shows excellent attack performance not only against normally trained models but also against adversarial training and defense models, outperforming the state-of-the-art methods.</p>","PeriodicalId":51327,"journal":{"name":"International Journal of Machine Learning and Cybernetics","volume":null,"pages":null},"PeriodicalIF":3.1000,"publicationDate":"2024-07-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Machine Learning and Cybernetics","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s13042-024-02290-5","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}
引用次数: 0
Abstract
Deep neural networks have been widely applied in many fields, but it is found that they are vulnerable to adversarial examples, which can mislead the DNN-based models with imperceptible perturbations. Many adversarial attack methods can achieve great success rates when attacking white-box models, but they usually exhibit poor transferability when attacking black-box models. Momentum iterative gradient-based methods can effectively improve the transferability of adversarial examples. Still, the momentum update mechanism of existing methods may lead to a problem of unstable gradient update direction and result in poor local optima. In this paper, we propose an enhanced spatial momentum iterative gradient-based adversarial attack method. Specifically, we introduce the spatial domain momentum accumulation mechanism. Instead of only accumulating the gradients of data points on the optimization path in the gradient update process, we additionally accumulate the average gradients of multiple sampling points within the neighborhood of data points. This mechanism fully utilizes the contextual gradient information of different regions within the image to smooth the accumulated gradients and find a more stable gradient update direction, thus escaping from poor local optima. Empirical results on the standard ImageNet dataset demonstrate that our method can significantly improve the attack success rate of momentum iterative gradient-based methods and shows excellent attack performance not only against normally trained models but also against adversarial training and defense models, outperforming the state-of-the-art methods.
期刊介绍:
Cybernetics is concerned with describing complex interactions and interrelationships between systems which are omnipresent in our daily life. Machine Learning discovers fundamental functional relationships between variables and ensembles of variables in systems. The merging of the disciplines of Machine Learning and Cybernetics is aimed at the discovery of various forms of interaction between systems through diverse mechanisms of learning from data.
The International Journal of Machine Learning and Cybernetics (IJMLC) focuses on the key research problems emerging at the junction of machine learning and cybernetics and serves as a broad forum for rapid dissemination of the latest advancements in the area. The emphasis of IJMLC is on the hybrid development of machine learning and cybernetics schemes inspired by different contributing disciplines such as engineering, mathematics, cognitive sciences, and applications. New ideas, design alternatives, implementations and case studies pertaining to all the aspects of machine learning and cybernetics fall within the scope of the IJMLC.
Key research areas to be covered by the journal include:
Machine Learning for modeling interactions between systems
Pattern Recognition technology to support discovery of system-environment interaction
Control of system-environment interactions
Biochemical interaction in biological and biologically-inspired systems
Learning for improvement of communication schemes between systems
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
