ADSAttack: An Adversarial Attack Algorithm via Searching Adversarial Distribution in Latent Space-Reference-Cited by-同舟云学术

ADSAttack: An Adversarial Attack Algorithm via Searching Adversarial Distribution in Latent Space

Published:2023-02-06 Issue:4 Volume:12 Page:816
ISSN:2079-9292
Container-title:Electronics
language:en
Short-container-title:Electronics

Author:

Wang Haobo¹^ORCID,Zhu Chenxi¹^ORCID,Cao Yangjie¹^ORCID,Zhuang Yan¹^ORCID,Li Jie²^ORCID,Chen Xianfu³

Affiliation:

1. School of Cyber Science and Engineering, Zhengzhou University, Zhengzhou 450000, China

2. Department of Computer Science and Engineering, Shanghai Jiaotong University, Shanghai 200000, China

3. VTT Technical Research Centre of Finland, 90100 Oulu, Finland

Abstract

Deep neural networks are susceptible to interference from deliberately crafted noise, which can lead to incorrect classification results. Existing approaches make less use of latent space information and conduct pixel-domain modification in the input space instead, which increases the computational cost and decreases the transferability. In this work, we propose an effective adversarial distribution searching-driven attack (ADSAttack) algorithm to generate adversarial examples against deep neural networks. ADSAttack introduces an affiliated network to search for potential distributions in image latent space for synthesizing adversarial examples. ADSAttack uses an edge-detection algorithm to locate low-level feature mapping in input space to sketch the minimum effective disturbed area. Experimental results demonstrate that ADSAttack achieves higher transferability, better imperceptible visualization, and faster generation speed compared to traditional algorithms. To generate 1000 adversarial examples, ADSAttack takes 11.08s and, on average, achieves a success rate of 98.01%.

Funder

National Natural Science Foundation of China

Collaborative Innovation Major Project of Zhengzhou

Publisher

MDPI AG

Subject

Electrical and Electronic Engineering,Computer Networks and Communications,Hardware and Architecture,Signal Processing,Control and Systems Engineering

Link

https://www.mdpi.com/2079-9292/12/4/816/pdf

Reference36 articles.

1. Maqueda, A.I., Loquercio, A., Gallego, G., García, N., and Scaramuzza, D. (2018, January 18–23). Event-based vision meets deep learning on steering prediction for self-driving cars. Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, Salt Lake City, UT, USA.

2. Machine learning for medical diagnosis: History, state of the art and perspective;Kononenko;Artif. Intell. Med.,2001

3. Goodfellow, I.J., Shlens, J., and Szegedy, C. (2014). Explaining and harnessing adversarial examples. arXiv.

4. Guo, W., Tondi, B., and Barni, M. (2021). An overview of backdoor attacks against deep neural networks and possible defences. arXiv.

5. Szegedy, C., Zaremba, W., Sutskever, I., Bruna, J., Erhan, D., Goodfellow, I., and Fergus, R. (2013). Intriguing properties of neural networks. arXiv.

Cited by 2 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. A review of black-box adversarial attacks on image classification;Neurocomputing;2024-12

2. Boosting Adversarial Attacks with Nadam Optimizer;Electronics;2023-03-20