Adversarial Example Generation Algorithm Based on Stable Adam and Space Domain Transformation

张玉婷 向海昀 李倩 廖浩德

Computer Engineering (计算机工程), 2024, Vol. 50, Issue (1): 251-258, 8. DOI: 10.19678/j.issn.1000-3428.0066467

张玉婷 1, 向海昀 1, 李倩 1, 廖浩德 1

Author information

  • 1. School of Computer Science, Southwest Petroleum University, Chengdu, Sichuan 610500

Abstract

Deep neural networks have been widely used in natural language processing, object detection, and image classification. However, relevant studies have shown that deep neural networks are vulnerable to adversarial example attacks. Several existing attacks are based on the fast gradient sign method, which adds a perturbation of the same magnitude to the input to achieve an attack effect. Although these methods are effective, they are not conducive to quickly finding adversarial examples with generalization ability. Therefore, to make adversarial examples generalize, a gradient optimization method combining stable adaptive moment estimation and spatial domain transformation is proposed to improve the existing algorithm for adversarial example generation. First, the Nesterov algorithm is introduced to update the first-order moment estimation. Inspired by the AdaBelief algorithm, the Belief parameter is introduced into the second-order moment estimation, and the decay step is calculated according to the exponential decay rate to obtain a more stable gradient. In addition, from the perspective of data augmentation, transforming the input samples in the spatial domain during the generation of adversarial examples is proposed. Unlike existing methods, this method updates the original gradient by weighting the gradients of different transformations to improve the transferability of adversarial examples. The experimental results show that the combination of the improved adaptive moment estimation and spatial-domain transformation gradient weighting algorithms can effectively improve the attack accuracy and transferability of adversarial examples. The white box attack success rate of the samples remains above 99.6%, while the black box attack success rate increases to 74.5%.

Key words

adversarial example/gradient optimization/moment estimation/image transformation/transferability/black box attack

Classification

Information Technology and Security Science

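Cite this article

张玉婷, 向海昀, 李倩, 廖浩德. Adversarial Example Generation Algorithm Based on Stable Adam and Space Domain Transformation[J]. Computer Engineering (计算机工程), 2024, 50(1): 251-258, 8.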

Funding

Young Scientists Fund of the National Natural Science Foundation of China (61503312).

Computer Engineering (计算机工程)

OA / 北大核心 (Peking University Core Journals) / CSTPCD

ISSN 1000-3428
