
Minimum Adversarial Examples

Deep neural networks in the area of information security are facing a severe threat from adversarial examples (AEs). Existing methods of AE generation use two optimization models: (1) taking the successful attack as the objective function and limiting perturbations as the constraint; (2) taking the minimum of adversarial perturbations as the target and the successful attack as the constraint. These all involve two fundamental problems of AEs: the minimum boundary of constructing the AEs and whether that boundary is reachable. The reachability means whether the AEs of successful attack models exist equal to that boundary. Previous optimization models have no complete answer to the problems. Therefore, in this paper, for the first problem, we propose the definition of the minimum AEs and give the theoretical lower bound of the amplitude of the minimum AEs. For the second problem, we prove that solving the generation of the minimum AEs is an NPC problem, and then based on its computational inaccessibility, we establish a new third optimization model. This model is general and can adapt to any constraint. To verify the model, we devise two specific methods for generating controllable AEs under the widely used distance evaluation standard of adversarial perturbations, namely Lp constraint and SSIM constraint (structural similarity). This model limits the amplitude of the AEs, reduces the solution space’s search cost, and is further improved in efficiency. In theory, those AEs generated by the new model which are closer to the actual minimum adversarial boundary overcome the blindness of the adversarial amplitude setting of the existing methods and further improve the attack success rate. In addition, this model can generate accurate AEs with controllable amplitude under different constraints, which is suitable for different application scenarios. 
In addition, through extensive experiments, they demonstrate a better attack ability under the same constraints as other baseline attacks. For all the datasets we test in the experiment, compared with other baseline methods, the attack success rate of our method is improved by approximately 10%.

Related Results

ProDef-MDS: A Proactive Defense Mechanism Protecting Malware Detection Systems from Adversarial Attacks
Malware threatens cybersecurity by enabling data theft, unauthorized access, and extortion. Traditional malware detection systems (MDS) struggle with the increasing volume and comp...
Improving Diversity and Quality of Adversarial Examples in Adversarial Transformation Network
This paper proposes a method to mitigate two major issues of Adversarial Transformation Networks (ATN) including the low diversity and the low quality of adversari...
Efficient Defense Against First Order Adversarial Attacks on Convolutional Neural Networks
Machine learning models, especially neural networks, are vulnerable to adversarial attacks, where inputs are purposefully altered to induce incorrect predictions. These adversarial...
An enhanced ensemble defense framework for boosting adversarial robustness of intrusion detection systems
Machine learning (ML) and deep neural networks (DNN) have emerged as powerful tools for enhancing intrusion detection systems (IDS) in cybersecurity. However, re...
Targeted Universal Adversarial Examples for Remote Sensing
Researchers are focusing on the vulnerabilities of deep learning models for remote sensing; various attack methods have been proposed, including universal adversarial examples. Exi...
Adversarial examples attack based on random warm restart mechanism and improved Nesterov momentum
The deep learning algorithm has achieved great success in the field of computer vision, but some studies have pointed out that the deep learning model is vulnerable to attacks adve...
Adversarial Robustness Improvement for Deep Neural Networks
Deep neural networks (DNNs) are key components for the implementation of autonomy in systems that operate in highly complex and unpredictable environments (self-dr...
