TY - GEN
T1 - Black-Box Targeted Adversarial Attack Based on Multi-Population Genetic Algorithm
AU - Aiza, Yuuto
AU - Zhang, Chao
AU - Yu, Jun
N1 - Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - The fast gradient signed method (FGSM) is an efficient white-box attack method that uses the gradient information to generate adversarial examples. However, applying the classic FGSM to real-world applications is often difficult due to the challenge of obtaining the internal structure of the models. Therefore, we have made slight modifications to the conventional genetic algorithm (GA) to effectively optimize the gradient signed function of the classic FGSM and generate adversarial examples from the perspective of the black-box attack. To attack multiple given target classes simultaneously, we initialize multiple different subpopulations and ensure that each subpopulation attacks a specified target class. Additionally, we propose two different strategies to migrate successfully attacked subpopulations into unsuccessful ones to ramp up attacks on unsuccessful classes. To evaluate the performance of the proposed algorithm, we compare it with the conventional GA when attacking the well-trained VGG19-BN model on the CIFAR-10 database. Furthermore, we investigate the impact of the proposed strategies on performance and analyze their respective contributions. The experimental results confirm that the proposed algorithm can successfully attack a greater variety of classes at a faster rate.
AB - The fast gradient signed method (FGSM) is an efficient white-box attack method that uses the gradient information to generate adversarial examples. However, applying the classic FGSM to real-world applications is often difficult due to the challenge of obtaining the internal structure of the models. Therefore, we have made slight modifications to the conventional genetic algorithm (GA) to effectively optimize the gradient signed function of the classic FGSM and generate adversarial examples from the perspective of the black-box attack. To attack multiple given target classes simultaneously, we initialize multiple different subpopulations and ensure that each subpopulation attacks a specified target class. Additionally, we propose two different strategies to migrate successfully attacked subpopulations into unsuccessful ones to ramp up attacks on unsuccessful classes. To evaluate the performance of the proposed algorithm, we compare it with the conventional GA when attacking the well-trained VGG19-BN model on the CIFAR-10 database. Furthermore, we investigate the impact of the proposed strategies on performance and analyze their respective contributions. The experimental results confirm that the proposed algorithm can successfully attack a greater variety of classes at a faster rate.
UR - http://www.scopus.com/inward/record.url?scp=85187292215&partnerID=8YFLogxK
U2 - 10.1109/SMC53992.2023.10393964
DO - 10.1109/SMC53992.2023.10393964
M3 - 会議への寄与
AN - SCOPUS:85187292215
T3 - Conference Proceedings - IEEE International Conference on Systems, Man and Cybernetics
SP - 317
EP - 322
BT - 2023 IEEE International Conference on Systems, Man, and Cybernetics
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2023 IEEE International Conference on Systems, Man, and Cybernetics, SMC 2023
Y2 - 1 October 2023 through 4 October 2023
ER -