一种多模型的调度优化对抗攻击算法OA北大核心CSTPCD

Adversarial samples can be generated in two approaches:Single model and model ensemble.Adversarial samples generated through model ensemble often exhibit higher attack success rates.However,there are few related studies on model ensemble,and most of the existing model ensemble methods are based on all models being used simultaneously in the iteration without reasonable consideration of the differences between different models,resulting in a lower attack success rates of adversarial attack.To further enhance the success rate of model ensemble,this paper proposes an adversarial attack algorithm based on multi-model scheduling optimization.Firstly,the model scheduling is performed by calculating the difference of the loss gradient of each model.Then,the optimal model combination is selected in each iteration round to conduct a model ensemble attack,thereby obtaining the optimal gradient.Subsequently,the momentum item of the previous stage is utilized to update the current data point.The optimized gradient is calculated by using the model combination of the current stage on the updated data point.Finally,the optimized gradient combined with the transformed gradient is used to adjust the final gradient direction.Experimental results on the ImageNet dataset demonstrate that the proposed integrated algorithm achieves a higher black-box attack success rate with less perturbation.Compared with mainstream full-model ensemble attack,the average success rates of black-box attacks on normal training modelshave increased by 3.4％and 12％,respectively.Additionally,the generated adversarial samples exhibit better visual quality.