信息安全研究2024,Vol.10Issue(5):403-410,8.DOI:10.12379/j.issn.2096-1057.2024.05.03
一种多模型的调度优化对抗攻击算法
Adversarial Attack Algorithm Based on Multi-model Scheduling Optimization
摘要
Abstract
Adversarial samples can be generated in two approaches:Single model and model ensemble.Adversarial samples generated through model ensemble often exhibit higher attack success rates.However,there are few related studies on model ensemble,and most of the existing model ensemble methods are based on all models being used simultaneously in the iteration without reasonable consideration of the differences between different models,resulting in a lower attack success rates of adversarial attack.To further enhance the success rate of model ensemble,this paper proposes an adversarial attack algorithm based on multi-model scheduling optimization.Firstly,the model scheduling is performed by calculating the difference of the loss gradient of each model.Then,the optimal model combination is selected in each iteration round to conduct a model ensemble attack,thereby obtaining the optimal gradient.Subsequently,the momentum item of the previous stage is utilized to update the current data point.The optimized gradient is calculated by using the model combination of the current stage on the updated data point.Finally,the optimized gradient combined with the transformed gradient is used to adjust the final gradient direction.Experimental results on the ImageNet dataset demonstrate that the proposed integrated algorithm achieves a higher black-box attack success rate with less perturbation.Compared with mainstream full-model ensemble attack,the average success rates of black-box attacks on normal training modelshave increased by 3.4%and 12%,respectively.Additionally,the generated adversarial samples exhibit better visual quality.关键词
对抗样本/神经网络/深度学习/黑盒攻击/集成模型Key words
adversarial examples/neural network/deep learning/black-box attack/model ensemble分类
信息技术与安全科学引用本文复制引用
王永,柳毅..一种多模型的调度优化对抗攻击算法[J].信息安全研究,2024,10(5):403-410,8.基金项目
广东省重点领域研发计划项目(2021B0101200002) (2021B0101200002)
