Approximating High-Order Adversarial Attacks Using Runge-Kutta Methods

IF 6.6 1区计算机科学 Q1 Multidisciplinary

Tsinghua Science and Technology Pub Date : 2025-04-29 DOI:10.26599/TST.2024.9010154

Anjie Peng;Guoqiang Shi;Zhi Lin;Hui Zeng;Xing Yang

{"title":"Approximating High-Order Adversarial Attacks Using Runge-Kutta Methods","authors":"Anjie Peng;Guoqiang Shi;Zhi Lin;Hui Zeng;Xing Yang","doi":"10.26599/TST.2024.9010154","DOIUrl":null,"url":null,"abstract":"Adversarial attacks craft adversarial examples (AEs) to fool convolution neural networks. The mainstream gradient-based attacks, based on first-order optimization methods, encounter bottlenecks to generate high transferable AEs attacking unknown models. Considering that the high-order method would be a better optimization algorithm, we attempt to build high-order adversarial attacks to improve the transferability of AEs. However, solving the optimization problem of adversarial attacks directly via higher-order derivatives is computationally difficult and may face the non-convergence problem. So, we leverage the Runge-Kutta (RK) method, which is an accurate yet efficient high-order numerical solver of ordinary differential equation (ODE), to approximate high-order adversarial attacks. We first induce the gradient descent process of gradient-based attack as an ODE, and then numerically solve the ODE via RK method to develop approximated high-order adversarial attacks. Concretely, through ignoring the higher-order infinitesimal item in the Taylor expansion of the loss, the proposed method utilizes a linear combination of the present gradient and looking-ahead gradients to replace the computationally expensive high-order derivatives, and yields a relatively fast equivalent high-order adversarial attack. The proposed high-order adversarial attack can be extensively integrated with transferability augmentation methods to generate high transferable AEs. Extensive experiments demonstrate that the RK-based attacks exhibit higher transferability than the state of the arts.","PeriodicalId":48690,"journal":{"name":"Tsinghua Science and Technology","volume":"30 5","pages":"1927-1939"},"PeriodicalIF":6.6000,"publicationDate":"2025-04-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10979816","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Tsinghua Science and Technology","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10979816/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"Multidisciplinary","Score":null,"Total":0}

引用次数: 0

Abstract

Adversarial attacks craft adversarial examples (AEs) to fool convolution neural networks. The mainstream gradient-based attacks, based on first-order optimization methods, encounter bottlenecks to generate high transferable AEs attacking unknown models. Considering that the high-order method would be a better optimization algorithm, we attempt to build high-order adversarial attacks to improve the transferability of AEs. However, solving the optimization problem of adversarial attacks directly via higher-order derivatives is computationally difficult and may face the non-convergence problem. So, we leverage the Runge-Kutta (RK) method, which is an accurate yet efficient high-order numerical solver of ordinary differential equation (ODE), to approximate high-order adversarial attacks. We first induce the gradient descent process of gradient-based attack as an ODE, and then numerically solve the ODE via RK method to develop approximated high-order adversarial attacks. Concretely, through ignoring the higher-order infinitesimal item in the Taylor expansion of the loss, the proposed method utilizes a linear combination of the present gradient and looking-ahead gradients to replace the computationally expensive high-order derivatives, and yields a relatively fast equivalent high-order adversarial attack. The proposed high-order adversarial attack can be extensively integrated with transferability augmentation methods to generate high transferable AEs. Extensive experiments demonstrate that the RK-based attacks exhibit higher transferability than the state of the arts.

查看原文本刊更多论文

用龙格-库塔方法逼近高阶对抗性攻击

对抗性攻击使用对抗性示例（ae）来欺骗卷积神经网络。主流的基于梯度的攻击基于一阶优化方法，在生成攻击未知模型的高可转移AEs时遇到瓶颈。考虑到高阶方法是一种更好的优化算法，我们尝试构建高阶对抗性攻击来提高AEs的可转移性。然而，直接通过高阶导数求解对抗性攻击的优化问题计算困难，并且可能面临不收敛问题。因此，我们利用Runge-Kutta （RK）方法来近似高阶对抗性攻击，这是一种精确而高效的常微分方程（ODE）高阶数值求解器。首先将基于梯度的攻击的梯度下降过程归纳为ODE，然后通过RK方法对ODE进行数值求解，得到近似的高阶对抗性攻击。具体而言，该方法通过忽略损失的泰勒展开式中的高阶无穷小项，利用当前梯度和前瞻梯度的线性组合来取代计算代价高昂的高阶导数，并产生相对快速的等效高阶对抗性攻击。所提出的高阶对抗性攻击可以与可转移性增强方法广泛集成，以生成高可转移的ae。大量的实验表明，基于rk的攻击比目前的技术表现出更高的可转移性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Tsinghua Science and Technology COMPUTER SCIENCE, INFORMATION SYSTEMSCOMPU-COMPUTER SCIENCE, SOFTWARE ENGINEERING

CiteScore

10.20

自引率

10.60%

发文量

2340

期刊介绍： Tsinghua Science and Technology (Tsinghua Sci Technol) started publication in 1996. It is an international academic journal sponsored by Tsinghua University and is published bimonthly. This journal aims at presenting the up-to-date scientific achievements in computer science, electronic engineering, and other IT fields. Contributions all over the world are welcome.