arXiv

Semantic Preserving Adversarial Attack Generation with Autoencoder and Genetic Algorithm

Authors: Wang, Xinyi; Enoch, Simon Yusuf; Kim, Dan Dongseong

Affiliations: School of Info. Tech and Elec. Engr., University of Queensland, Brisbane, Australia; Department of Computer Science, Federal University Kashere, Gombe, Nigeria

Publication: arXiv

Year/Volume/Issue: 2022

Subject: Semantics

Abstract: Widely used deep learning models are found to have poor robustness. Little noises can fool state-of-the-art models into making incorrect predictions. While there is a great deal of high-performance attack generation methods, most of them directly add perturbations to original data and measure them using L_p norms; this can break the major structure of data, thus, creating invalid attacks. In this paper, we propose a black-box attack, which, instead of modifying original data, modifies latent features of data extracted by an autoencoder; then, we measure noises in semantic space to protect the semantics of data. We trained autoencoders on MNIST and CIFAR-10 datasets and found optimal adversarial perturbations using a genetic algorithm. Our approach achieved a 100% attack success rate on the first 100 data of MNIST and CIFAR-10 datasets with less perturbation than FGSM. © 2022, CC BY.
