Semantic Preserving Adversarial Attack Generation with Autoencoder and Genetic Algorithm

作     者：Wang, Xinyi Enoch, Simon Yusuf Kim, Dan Dongseong 

作者机构：School of Info. Tech and Elec. Engr. University of Queensland Brisbane Australia Department of Computer Science Federal University Kashere Gombe Nigeria 

出 版 物：《arXiv》 (arXiv)

年 卷 期：2022年

核心收录：

主　　题：Semantics 

摘      要：Widely used deep learning models are found to have poor robustness. Little noises can fool state-of-the-art models into making incorrect predictions. While there is a great deal of high-performance attack generation methods, most of them directly add perturbations to original data and measure them using L_p norms;this can break the major structure of data, thus, creating invalid attacks. In this paper, we propose a black-box attack, which, instead of modifying original data, modifies latent features of data extracted by an autoencoder;then, we measure noises in semantic space to protect the semantics of data. We trained autoencoders on MNIST and CIFAR-10 datasets and found optimal adversarial perturbations using a genetic algorithm. Our approach achieved a 100% attack success rate on the first 100 data of MNIST and CIFAR-10 datasets with less perturbation than FGSM. © 2022, CC BY.