| 基于高维特征的图像对抗攻击算法 |
| |
| 作者姓名: | 林大权 范睿 张良峰 |
| |
| 作者单位: | 1.上海科技大学信息科学与技术学院, 上海 201210;2.中国科学院上海微系统与信息技术研究所, 上海 200050;3.中国科学院大学, 北京 100049 |
| |
| 基金项目: | 国家自然科学基金(61602304)资助 |
| |
| 摘 要: | 为了攻击最先进的对抗防御方法,提出一种基于高维特征的图像对抗攻击算法——FB-PGD(feature based projected gradient descent)。该算法通过迭代的方式给待攻击图像添加扰动,使待攻击图像的特征与目标图像的特征相似,从而生成对抗样本。实验部分,在多种数据集和防御模型上,与现存的攻击算法对比,证实了FB-PGD算法不仅在以往的防御方法上攻击性能优异,同时在最先进的两个防御方法上,攻击成功率较常见的攻击方法提升超过20 % 。因此,FB-PGD算法可以成为检验防御方法的新基准。
|
| 关 键 词: | 对抗样本 鲁棒性 图像分类 深度学习 安全 |
| 收稿时间: | 2020-04-23 |
| 修稿时间: | 2020-05-18 |
Image adversarial attack algorithm based on high-dimensional feature |
| |
| Authors: | LIN Daquan FAN Rui ZHANG Liangfeng |
| |
| Institution: | 1.School of Information Science & Technology, ShanghaiTech University, Shanghai 201210, China;2.Shanghai Institute of Microsystem and Information Technology, Chinese Academy of Sciences, Shanghai 200050, China;3.University of Chinese Academy of Sciences, Beijing 100049, China |
| |
| Abstract: | In order to attack state-of-the-art adversarial defense methods, an image adversarial attack algorithm based on high-dimensional features called FB-PGD(feature based projected gradient descent) is proposed. It increases the similarity between clean image features and target image features by adding perturbation to clean image iteratively, then adversarial examples will be generated. In the experimental section, by comparing with existing adversarial attack algorithms on different defense models, the result shows that this attack algorithm not only has strong attack performance in the previous defense methods but also increases attack success rate more than 20WTB4]%WTBZ] compared to common adversarial attack algorithms in two state-of-the-art defense methods on a variety of datasets. So, the adversarial attack algorithm can be used as a new benchmark to test defense. |
| |
| Keywords: | adversarial examples robustness image classification deep learning security |
|
| 点击此处可从《》浏览原始摘要信息 |
| 点击此处可从《》下载免费的PDF全文 |
|
