Black-Box Targeted Adversarial Attack Based on Multi-Population Genetic Algorithm

Yuuto Aiza, Chao Zhang, Jun Yu*

*この論文の責任著者

研究成果: 書籍の章/レポート/会議録会議への寄与査読

抄録

The fast gradient signed method (FGSM) is an efficient white-box attack method that uses the gradient information to generate adversarial examples. However, applying the classic FGSM to real-world applications is often difficult due to the challenge of obtaining the internal structure of the models. Therefore, we have made slight modifications to the conventional genetic algorithm (GA) to effectively optimize the gradient signed function of the classic FGSM and generate adversarial examples from the perspective of the black-box attack. To attack multiple given target classes simultaneously, we initialize multiple different subpopulations and ensure that each subpopulation attacks a specified target class. Additionally, we propose two different strategies to migrate successfully attacked subpopulations into unsuccessful ones to ramp up attacks on unsuccessful classes. To evaluate the performance of the proposed algorithm, we compare it with the conventional GA when attacking the well-trained VGG19-BN model on the CIFAR-10 database. Furthermore, we investigate the impact of the proposed strategies on performance and analyze their respective contributions. The experimental results confirm that the proposed algorithm can successfully attack a greater variety of classes at a faster rate.

本文言語英語
ホスト出版物のタイトル2023 IEEE International Conference on Systems, Man, and Cybernetics
ホスト出版物のサブタイトルImproving the Quality of Life, SMC 2023 - Proceedings
出版社Institute of Electrical and Electronics Engineers Inc.
ページ317-322
ページ数6
ISBN(電子版)9798350337020
DOI
出版ステータス出版済み - 2023
イベント2023 IEEE International Conference on Systems, Man, and Cybernetics, SMC 2023 - Hybrid, Honolulu, 米国
継続期間: 2023/10/012023/10/04

出版物シリーズ

名前Conference Proceedings - IEEE International Conference on Systems, Man and Cybernetics
ISSN(印刷版)1062-922X

学会

学会2023 IEEE International Conference on Systems, Man, and Cybernetics, SMC 2023
国/地域米国
CityHybrid, Honolulu
Period2023/10/012023/10/04

ASJC Scopus 主題領域

  • 電子工学および電気工学
  • 制御およびシステム工学
  • 人間とコンピュータの相互作用

フィンガープリント

「Black-Box Targeted Adversarial Attack Based on Multi-Population Genetic Algorithm」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。

引用スタイル