A Multi-objective Memetic Algorithm for Auto Adversarial Attack Optimization Design

08/15/2022
by Jialiang Sun, et al.

The phenomenon of adversarial examples has been revealed in various scenarios. Recent studies show that well-designed adversarial defense strategies can improve the robustness of deep learning models against adversarial examples. However, with the rapid development of defense technologies, it also tends to become more difficult to evaluate the robustness of a defended model, because existing manually designed adversarial attacks perform weakly. To address this challenge, given a defended model, an efficient adversarial attack that imposes less computational burden and yields lower robust accuracy needs to be further explored. Therefore, we propose a multi-objective memetic algorithm for auto adversarial attack optimization design, which automatically searches for a near-optimal adversarial attack against defended models. First, we construct a more general mathematical model of auto adversarial attack optimization design, in which the search space includes not only the attacker operations, magnitude, iteration number, and loss functions but also the ways in which multiple adversarial attacks are connected. In addition, we develop a multi-objective memetic algorithm combining NSGA-II and local search to solve the optimization problem. Finally, to decrease the evaluation cost during the search, we propose a representative data selection strategy based on sorting the cross-entropy loss values that the models output for each image. Experiments on the CIFAR10, CIFAR100, and ImageNet datasets show the effectiveness of our proposed method.


