基于差分进化的神经网络通用扰动生成方法

Universal perturbation generation method of neural network based on differential evolution

针对超球面通用攻击(HGAA)算法中通用扰动搜索始终限定在空间球面上,不具有球内空间搜索能力的问题,提出一种基于超球面的差分进化算法。该算法将搜索空间扩大到球面内部,并通过差分进化(DE)算法搜索最优球面,从而生成愚弄率更高、模长更低的通用扰动。此外,分析了种群数量等关键参数对该算法的影响,并且测试了该算法生成的通用扰动在不同神经网络模型上的性能。在CIFAR10和SVHN图像分类数据集上进行验证,该算法与HGAA算法相比愚弄率最多提高了11.8个百分点。实验结果表明,该算法扩展了HGAA算法的通用扰动搜索空间,降低了通用扰动的模长,提高了通用扰动的愚弄率。

Aiming at the problem that the universal perturbation search in HGAA(Hyperspherical General Adversarial Attacks)algorithm is always limited to the spatial spherical surface,and it does not have the ability to search the space inside the sphere,a differential evolution algorithm based on hypersphere was proposed.In the algorithm,the search space was expanded to the interior of the sphere,and Differential Evolution(DE)algorithm was used to search the optimal sphere,so as to generate universal perturbations with higher fooling rate and lower modulus length on this sphere.Besides,the influence of key parameters such as the number of populations on the algorithm was analyzed,and the performance of the universal perturbations generated by the algorithm on different neural network models was tested.The algorithm was verified on CIFAR10 and SVHN image classification datasets,and the fooling rate of the algorithm was increased by up to 11.8 percentage points compared with that of HGAA algorithm.Experimental results show that this algorithm extends the universal perturbation search space of the HGAA algorithm,reduces the modulus length of universal perturbation,and improves the fooling rate of universal perturbations.