Abstract
Deep neural networks have been applied to a wide variety of problems and achieve state-of-the-art performance on various vision tasks, but they are vulnerable to adversarial examples, which are crafted by adding human-imperceptible perturbations to legitimate inputs and cause the network to misclassify. However, in the black-box setting, where the attacker has no information about the model structure and parameters, most existing methods achieve good results only in non-targeted attacks and have a low success rate in targeted attacks, which have more serious consequences. For targeted attacks, an ensemble attack is used, and the similarity between the unknown black-box model and the known white-box models is measured from their outputs. Based on this similarity, the weights of the white-box models in the ensemble attack are dynamically adjusted to improve the effectiveness of the adversarial examples generated by targeted attacks in the black-box setting.
Source
《工业控制计算机》 (Industrial Control Computer)
2023, Issue 8, pp. 130-131, 134 (3 pages in total)
Keywords
deep neural networks
black-box attack
adversarial examples
targeted attacks