| 基于决策边界搜索的对抗样本生成算法 |
| |
| 引用本文: | 刘欣刚,江浩杨,苏鑫,冯晶.基于决策边界搜索的对抗样本生成算法[J].电子科技大学学报(自然科学版),2022,51(5):721-727. |
| |
| 作者姓名: | 刘欣刚 江浩杨 苏鑫 冯晶 |
| |
| 作者单位: | 电子科技大学信息与通信工程学院 成都 611731 |
| |
| 基金项目: | 国家自然科学基金(61872404) |
| |
| 摘 要: | 神经网络模型已被广泛运用于人工智能领域,并取得了成功,然而当前神经网络面临着对抗样本攻击的困扰。对抗样本是一种人为构造的虚假数据,可使得神经网络输出错误的结果。故提出了一种基于神经网络决策边界搜索的对抗样本生成算法。首先,在两个真实样本之间使用二分搜索来找到一个初始攻击点。然后,计算神经网络在决策边界面上的法线向量,以找到神经网络最敏感的方向。最后,使用方向信息迭代找到更接近原始数据点的对抗样本,直到对抗样本收敛。在公开的数据集上,使用该算法进行对抗样本攻击实验,实验结果表明该算法能够生成对抗扰动更小的对抗样本,并且可以与其他攻击算法结合,达到较好的攻击效果。
|
| 关 键 词: | 对抗攻击 对抗样本 神经网络 优化 |
| 收稿时间: | 2021-12-23 |
Adversarial ExamplesGeneration Algorithm Based on Decision Boundary Search |
| |
| Affiliation: | School of Information and Communication Engineering, University of Electronic Science and Technology of China Chengdu 611731 |
| |
| Abstract: | The neural network model has been widely used in the fields of artificial intelligence, and has achieved great success. However, the current neural network is facing the problem of adversarial examples attack, which is artificially constructed fake data that can cause a neural network to output incorrect results. This paper proposes an adversarial examples generation algorithm based on searching the decision boundary of neural network. Firstly, weusebinary search between two real samples to find aninitialattacking point. And then,we calculate the normal vector of the neural network on the decision boundary surface, in order to find the most sensitive direction of the neural network. Finally, we usethe direction information to iteratively find the adversarialexample closer to the original data point until the adversarial example converges. By applying the proposed algorithm on the public data sets, the experimental results show that the algorithm can generate adversarial examples with smaller adversarial perturbations, and it can be combined with other attack algorithms to achieve a better attack result. |
| |
| Keywords: | |
|
| 点击此处可从《电子科技大学学报(自然科学版)》浏览原始摘要信息 |
|
点击此处可从《电子科技大学学报(自然科学版)》下载全文 |
