DADF: A Dynamic Adaptive Method for Generating Adversarial Examples

Deep neural networks (DNNs) have made remarkable achievements in several areas, such as image classification. However, extensive research shows that DNNs are vulnerable to adversarial examples, which are generated by adding small perturbations to original images. DeepFool is an effective algorithm for generating adversarial examples with a higher success rate and smaller perturbations. However, DeepFool computes the distance to all classification boundaries of the dataset, which makes it very slow. To address this problem, this paper proposes DADF, a dynamic adaptive method for generating adversarial examples. By tracing information from the attacking process, DADF dynamically selects a subset of target labels. This subset is dynamically updated once successful adversarial examples are generated. Experimental results on the MNIST and CIFAR10 datasets show that, compared with DeepFool, DADF greatly reduces the time needed to generate 10000 adversarial examples on the MNIST and CIFAR10 datasets.
