针对可解释深度学习的隐形查询高效不透明攻击

IF 5.7 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

IEEE Transactions on Reliability Pub Date : 2025-04-02 DOI:10.1109/TR.2025.3551717

Eldor Abdukhamidov;Mohammed Abuhamad;Simon S. Woo;Eric Chan-Tin;Tamer Abuhmed

{"title":"针对可解释深度学习的隐形查询高效不透明攻击","authors":"Eldor Abdukhamidov;Mohammed Abuhamad;Simon S. Woo;Eric Chan-Tin;Tamer Abuhmed","doi":"10.1109/TR.2025.3551717","DOIUrl":null,"url":null,"abstract":"Deep neural network (DNN) models are susceptible to adversarial samples in white-box and opaqueenvironments. Although previous studies have shown high attack success rates, coupling DNN models with interpretation models could offer a sense of security when a human expert is involved. However, in white-box environments, interpretable deep learning systems (IDLSes) have been shown to be vulnerable to malicious manipulations. As access to the components of IDLSes is limited in opaquesettings, it becomes more challenging for the adversary to fool the system. In this work, we propose a <italic>Qu</i>ery-efficient <italic>Score</i>-based opaque attack against IDLSes, which requires no knowledge of the target model and its coupled interpretation model. By continuously refining the adversarial samples created based on feedback scores from the IDLS, our approach effectively reduces the number of model queries and navigates the search space to identify perturbations that can fool the system. We evaluate the attack's effectiveness on four convolutional neural network (CNN) models and two interpretation models, using both ImageNet and CIFAR datasets. Our results show that the proposed approach is query-efficient with a high attack success rate that can reach more than 95%, and an average transferability success rate of 69%. We have also demonstrated that our attack is resilient against various preprocessing defense techniques.","PeriodicalId":56305,"journal":{"name":"IEEE Transactions on Reliability","volume":"74 3","pages":"3484-3498"},"PeriodicalIF":5.7000,"publicationDate":"2025-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Stealthy Query-Efficient OpaqueAttack Against Interpretable Deep Learning\",\"authors\":\"Eldor Abdukhamidov;Mohammed Abuhamad;Simon S. Woo;Eric Chan-Tin;Tamer Abuhmed\",\"doi\":\"10.1109/TR.2025.3551717\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Deep neural network (DNN) models are susceptible to adversarial samples in white-box and opaqueenvironments. Although previous studies have shown high attack success rates, coupling DNN models with interpretation models could offer a sense of security when a human expert is involved. However, in white-box environments, interpretable deep learning systems (IDLSes) have been shown to be vulnerable to malicious manipulations. As access to the components of IDLSes is limited in opaquesettings, it becomes more challenging for the adversary to fool the system. In this work, we propose a <italic>Qu</i>ery-efficient <italic>Score</i>-based opaque attack against IDLSes, which requires no knowledge of the target model and its coupled interpretation model. By continuously refining the adversarial samples created based on feedback scores from the IDLS, our approach effectively reduces the number of model queries and navigates the search space to identify perturbations that can fool the system. We evaluate the attack's effectiveness on four convolutional neural network (CNN) models and two interpretation models, using both ImageNet and CIFAR datasets. Our results show that the proposed approach is query-efficient with a high attack success rate that can reach more than 95%, and an average transferability success rate of 69%. We have also demonstrated that our attack is resilient against various preprocessing defense techniques.\",\"PeriodicalId\":56305,\"journal\":{\"name\":\"IEEE Transactions on Reliability\",\"volume\":\"74 3\",\"pages\":\"3484-3498\"},\"PeriodicalIF\":5.7000,\"publicationDate\":\"2025-04-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Reliability\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10947356/\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Reliability","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10947356/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

摘要

深度神经网络（DNN）模型在白盒和不透明环境中容易受到对抗性样本的影响。虽然之前的研究表明攻击成功率很高，但当有人类专家参与时，将DNN模型与解释模型相结合可以提供一种安全感。然而，在白盒环境中，可解释深度学习系统（IDLSes）已被证明容易受到恶意操纵。由于对idlse组件的访问在不透明设置中受到限制，攻击者要欺骗系统变得更具挑战性。在这项工作中，我们提出了一种针对idlse的基于查询效率分数的不透明攻击，该攻击不需要了解目标模型及其耦合解释模型。通过不断改进基于IDLS反馈分数创建的对抗性样本，我们的方法有效地减少了模型查询的数量，并导航搜索空间以识别可能欺骗系统的扰动。我们使用ImageNet和CIFAR数据集，在四种卷积神经网络（CNN）模型和两种解释模型上评估了攻击的有效性。结果表明，该方法具有较高的查询效率，攻击成功率可达95%以上，平均可转移成功率为69%。我们还证明了我们的攻击对各种预处理防御技术具有弹性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Stealthy Query-Efficient OpaqueAttack Against Interpretable Deep Learning

Deep neural network (DNN) models are susceptible to adversarial samples in white-box and opaqueenvironments. Although previous studies have shown high attack success rates, coupling DNN models with interpretation models could offer a sense of security when a human expert is involved. However, in white-box environments, interpretable deep learning systems (IDLSes) have been shown to be vulnerable to malicious manipulations. As access to the components of IDLSes is limited in opaquesettings, it becomes more challenging for the adversary to fool the system. In this work, we propose a Query-efficient Score-based opaque attack against IDLSes, which requires no knowledge of the target model and its coupled interpretation model. By continuously refining the adversarial samples created based on feedback scores from the IDLS, our approach effectively reduces the number of model queries and navigates the search space to identify perturbations that can fool the system. We evaluate the attack's effectiveness on four convolutional neural network (CNN) models and two interpretation models, using both ImageNet and CIFAR datasets. Our results show that the proposed approach is query-efficient with a high attack success rate that can reach more than 95%, and an average transferability success rate of 69%. We have also demonstrated that our attack is resilient against various preprocessing defense techniques.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

IEEE Transactions on Reliability 工程技术-工程：电子与电气

CiteScore

12.20

自引率

8.50%

发文量

153

审稿时长

7.5 months

期刊介绍： IEEE Transactions on Reliability is a refereed journal for the reliability and allied disciplines including, but not limited to, maintainability, physics of failure, life testing, prognostics, design and manufacture for reliability, reliability for systems of systems, network availability, mission success, warranty, safety, and various measures of effectiveness. Topics eligible for publication range from hardware to software, from materials to systems, from consumer and industrial devices to manufacturing plants, from individual items to networks, from techniques for making things better to ways of predicting and measuring behavior in the field. As an engineering subject that supports new and existing technologies, we constantly expand into new areas of the assurance sciences.