Black-Box Targeted Adversarial Attack Based on Multi-Population Genetic Algorithm

Yuuto Aiza, Chao Zhang, Jun Yu*

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

The fast gradient signed method (FGSM) is an efficient white-box attack method that uses the gradient information to generate adversarial examples. However, applying the classic FGSM to real-world applications is often difficult due to the challenge of obtaining the internal structure of the models. Therefore, we have made slight modifications to the conventional genetic algorithm (GA) to effectively optimize the gradient signed function of the classic FGSM and generate adversarial examples from the perspective of the black-box attack. To attack multiple given target classes simultaneously, we initialize multiple different subpopulations and ensure that each subpopulation attacks a specified target class. Additionally, we propose two different strategies to migrate successfully attacked subpopulations into unsuccessful ones to ramp up attacks on unsuccessful classes. To evaluate the performance of the proposed algorithm, we compare it with the conventional GA when attacking the well-trained VGG19-BN model on the CIFAR-10 database. Furthermore, we investigate the impact of the proposed strategies on performance and analyze their respective contributions. The experimental results confirm that the proposed algorithm can successfully attack a greater variety of classes at a faster rate.

Original languageEnglish
Title of host publication2023 IEEE International Conference on Systems, Man, and Cybernetics
Subtitle of host publicationImproving the Quality of Life, SMC 2023 - Proceedings
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages317-322
Number of pages6
ISBN (Electronic)9798350337020
DOIs
StatePublished - 2023
Event2023 IEEE International Conference on Systems, Man, and Cybernetics, SMC 2023 - Hybrid, Honolulu, United States
Duration: 2023/10/012023/10/04

Publication series

NameConference Proceedings - IEEE International Conference on Systems, Man and Cybernetics
ISSN (Print)1062-922X

Conference

Conference2023 IEEE International Conference on Systems, Man, and Cybernetics, SMC 2023
Country/TerritoryUnited States
CityHybrid, Honolulu
Period2023/10/012023/10/04

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Control and Systems Engineering
  • Human-Computer Interaction

Fingerprint

Dive into the research topics of 'Black-Box Targeted Adversarial Attack Based on Multi-Population Genetic Algorithm'. Together they form a unique fingerprint.

Cite this