| 基于模型间迁移性的黑盒对抗攻击起点提升方法 |
| |
| 引用本文: | 陈晓楠,胡建敏,张本俊,陈爱玲. 基于模型间迁移性的黑盒对抗攻击起点提升方法[J]. 计算机工程, 2021, 47(8): 162-169. DOI: 10.19678/j.issn.1000-3428.0059105 |
| |
| 作者姓名: | 陈晓楠 胡建敏 张本俊 陈爱玲 |
| |
| 作者单位: | 国防大学 联合勤务学院,北京 100089;南京航空航天大学 电子信息工程学院,南京 211100;山东省烟台市实验中学,山东 烟台 265500 |
| |
| 基金项目: | 全军军事类研究生重点资助课题(JY2019B041,JY2020B037);全军军事理论重点课题(20GDJ2651B)。 |
| |
| 摘 要: | 为高效地寻找基于决策的黑盒攻击下的对抗样本,提出一种利用模型之间的迁移性提升对抗起点的方法.通过模型之间的迁移性来循环叠加干扰图像,生成初始样本作为新的攻击起点进行边界攻击,实现基于决策的无目标黑盒对抗攻击和有目标黑盒对抗攻击.实验结果表明,无目标攻击节省了23%的查询次数,有目标攻击节省了17%的查询次数,且整个黑盒...
|
| 关 键 词: | 黑盒攻击 对抗样本 迁移性 初始样本 边界攻击 无目标攻击 有目标攻击 |
| 收稿时间: | 2020-07-30 |
| 修稿时间: | 2020-09-16 |
Black Box Adversarial Attack Starting Point Promotion Method Based on Mobility Between Models |
| |
| CHEN Xiaonan,HU Jianmin,ZHANG Benjun,CHEN Ailing. Black Box Adversarial Attack Starting Point Promotion Method Based on Mobility Between Models[J]. Computer Engineering, 2021, 47(8): 162-169. DOI: 10.19678/j.issn.1000-3428.0059105 |
| |
| Authors: | CHEN Xiaonan HU Jianmin ZHANG Benjun CHEN Ailing |
| |
| Affiliation: | 1. Joint Logistics College, National Defense University, Beijing 100089, China;2. College of Electronic Information Engineering, Nanjing University of Aeronautics and Astronautics, Nanjing 211100, China;3. Yantai Experimental Middle School of Shandong Province, Yantai, Shandong 265500, China |
| |
| Abstract: | In order to efficiently find the adversarial samples under the decision-based black box attacks, a method using the mobility between models is proposed to enhance the adversarial starting point. The mobility is used to circularly superimpose interference images, and samples are generated as a new starting point for boundary attacks. Thus the decision making-based non-target adversarial black box attacks and targeted adversarial black box attacks are realized. Experimental results show that the query times required for the non-target attacks is reduced by 23%, and that required for the targeted attacks is reduced by 17%. Moreover, the whole black box attack algorithm takes less time than the original boundary attack algorithm. |
| |
| Keywords: | black box attack adversarial sample mobility initial sample boundary attack non-target attack targeted attack |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
|
