摘要
为高效地寻找基于决策的黑盒攻击下的对抗样本,提出一种利用模型之间的迁移性提升对抗起点的方法。通过模型之间的迁移性来循环叠加干扰图像,生成初始样本作为新的攻击起点进行边界攻击,实现基于决策的无目标黑盒对抗攻击和有目标黑盒对抗攻击。实验结果表明,无目标攻击节省了23%的查询次数,有目标攻击节省了17%的查询次数,且整个黑盒攻击算法所需时间低于原边界攻击算法所耗费的时间。
In order to efficiently find the adversarial samples under the decision-based black box attacks,a method using the mobility between models is proposed to enhance the adversarial starting point.The mobility is used to circularly superimpose interference images,and samples are generated as a new starting point for boundary attacks.Thus the decision making-based non-target adversarial black box attacks and targeted adversarial black box attacks are realized.Experimental results show that the query times required for the non-target attacks is reduced by 23%,and that required for the targeted attacks is reduced by 17%.Moreover,the whole black box attack algorithm takes less time than the original boundary attack algorithm.
作者
陈晓楠
胡建敏
张本俊
陈爱玲
CHEN Xiaonan;HU Jianmin;ZHANG Benjun;CHEN Ailing(Joint Logistics College,National Defense University,Beijing 100089,China;College of Electronic Information Engineering,Nanjing University of Aeronautics and Astronautics,Nanjing 211100,China;Yantai Experimental Middle School of Shandong Province,Yantai,Shandong 265500,China)
出处
《计算机工程》
CAS
CSCD
北大核心
2021年第8期162-169,共8页
Computer Engineering
基金
全军军事类研究生重点资助课题(JY2019B041,JY2020B037)
全军军事理论重点课题(20GDJ2651B)。
关键词
黑盒攻击
对抗样本
迁移性
初始样本
边界攻击
无目标攻击
有目标攻击
black box attack
adversarial sample
mobility
initial sample
boundary attack
non-target attack
targeted attack
