
A Guided Diffusion-based Approach to Natural Adversarial Patch Generation

何琨 佘计思 张子君 陈晶 汪欣欣 杜瑞颖

Acta Electronica Sinica (电子学报), 2024, Vol. 52, Issue 2: 564-573, 10. DOI: 10.12263/DZXB.20230481

A Guided Diffusion-based Approach to Natural Adversarial Patch Generation

何琨 1, 佘计思 1, 张子君 1, 陈晶 2, 汪欣欣 1, 杜瑞颖 3

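Author information

  • 1. School of Cyber Science and Engineering, Wuhan University, Wuhan, Hubei 430072; Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan University, Wuhan, Hubei 430072
  • 2. School of Cyber Science and Engineering, Wuhan University, Wuhan, Hubei 430072; Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan University, Wuhan, Hubei 430072; Rizhao Institute of Information Technology, Wuhan University, Rizhao, Shandong 276800
  • 3. School of Cyber Science and Engineering, Wuhan University, Wuhan, Hubei 430072; Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan University, Wuhan, Hubei 430072; Collaborative Innovation Center of Geospatial Technology, Wuhan, Hubei 430079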

Abstract

Adversarial patch attacks in the physical world have gained a lot of attention in recent years due to their safety implications. Existing work has mostly focused on generating adversarial patches that can attack certain models in the physical world, but the resulting patterns are often unnatural and easy to identify. To tackle this problem, we propose a guided diffusion-based approach to natural adversarial patch generation. Specifically, we construct a predictor for attack success rate (ASR) prediction by parsing the output of the target detector, such that the reverse process of a pre-trained diffusion model can be guided by the gradient of the classifier to generate adversarial patches with improved naturalness and high ASR. We conduct extensive experiments in both the digital and the physical worlds to evaluate the attack effectiveness against various object detection models, as well as the naturalness of generated patches. The experimental results show that by combining the ASR predictor with a pre-trained diffusion model, our method is able to produce more natural adversarial patches than the state-of-the-art approaches while remaining highly effective.

Key words

object detection / adversarial patch / diffusion model / adversarial example / adversarial attack / deep learning

Classification

Information Technology and Security Science

Cite this article

何琨, 佘计思, 张子君, 陈晶, 汪欣欣, 杜瑞颖. A Guided Diffusion-based Approach to Natural Adversarial Patch Generation [J]. Acta Electronica Sinica, 2024, 52(2): 564-573, 10.

Funding

National Key Research and Development Program of China (No.2022YFB3102100)

Fundamental Research Funds for the Central Universities (No.2042022kf1034)

National Natural Science Foundation of China (No.62206203, No.62076187)

Key Research and Development Program of Hubei Province (No.2022BAA039)

Key Research and Development Program of Shandong Province (No.2022CXPT055)

Acta Electronica Sinica (电子学报)

OA / 北大核心 (Peking University Core Journals) / CSTPCD

ISSN 0372-2112
