摘要
当前基于迁移性的黑盒攻击通常使用较高扰动系数生成具有较强可迁移性的对抗样本,导致对抗扰动较易被防御者察觉,针对此问题,提出一种基于Perlin增强与随机变换的黑盒攻击方法。方法利用Perlin噪声对干净样本进行数据增强,同时使用增强后的数据集和随机尺度与填充运算来改进现有的基于平移不变的对抗样本生成方法,以降低对抗样本的黑盒攻击能力与扰动系数的耦合程度。在ImageNet数据集中的实验结果表明,通过优化后的对抗攻击在不修改扰动系数的情况下增强了对抗样本的可迁移性。
At present,black-box attacks based on transferability usually use high disturbance coeffi-cient to generate adversarial examples with strong transferability,which makes adversarial disturbance easier to be detected by defenders.To solve this problem,a black-box attack method based on Perlin enhancement and random transformation is proposed.By using Perlin noise,the method enhances the data of clean examples,and at the same time,it uses the enhanced data set and random scale and filling opera-tion to improve the existing translation-invariant adversarial examples generation method,so as to reduce the coupling degree between the black-box attack ability and the disturbance coefficient of adversarial examples.The experimental results in ImageNet data set show that the transferability of adversarial exam-ples is enhanced by the optimized adversarial attack without modifying the disturbance coefficient.
作者
张朝阳
李晖
ZHANG Zhaoyang;LI Hui(School of Information Science and Engineering,Shenyang University of Technology,Shenyang 110870,China)
出处
《微处理机》
2023年第5期31-34,共4页
Microprocessors
关键词
黑盒攻击
数据增强
对抗样本
可迁移性
优化方法
Black-box attack
Data enhancement
Adversarial examples
Transferability
Optimization method
