信息安全研究2025,Vol.11Issue(3):249-256,8.DOI:10.12379/j.issn.2096-1057.2025.03.07
面向迁移攻击的视频对抗样本生成方法研究
Research on Video Adversarial Example Generation Methods for Transfer Attacks
摘要
Abstract
Different video recognition models possess distinct temporal discrimination patterns.In transfer attacks,the generation of video adversarial examples can lead to overfitting to the white-box model's temporal discrimination pattern,resulting in poor transferability of the adversarial examples.In view of this phenomenon,an effective algorithm is proposed to alleviate the overfitting phenomenon.The algorithm generates multiple augmented videos by frame extraction,inputs them into a white-box model,and obtains augmented gradients through backpropagation.Then,it repositions these gradients and calculates a weighted sum to acquire the final gradient information.Finally,it introduces this gradient information into gradient-based white-box attack methods,such as FGSM and BIM,to obtain the final adversarial samples.The cross-entropy loss function was improved;while guiding the generation of adversarial examples,its primary goal was to quickly find a direction that causes the model to misclassify,without considering the semantic space distance between the classification result and other categories with higher probabilities.In response to this issue,a regularization term based on KL divergence was introduced.When combined with the cross-entropy function,the adversarial examples generated based on this loss function have stronger transferability.On the Kinetics-400 and UCF-101 datasets,six commonly used models in the video recognition domain were trained,specifically Non-Local,SlowFast,and TPN,with ResNet50 and ResNet101 serving as the backbone networks.One of these models was selected as the white-box model to conduct transfer attacks on the remaining models,and a large number of experiments demonstrated the effectiveness of the method.关键词
视频识别模型/对抗样本/损失函数/迁移攻击/交叉熵Key words
video recognition model/adversarial example/loss function/transfer attack/cross-entropy分类
计算机与自动化引用本文复制引用
林哲伟,何春兰,刘兴伟,王奇,孙宏..面向迁移攻击的视频对抗样本生成方法研究[J].信息安全研究,2025,11(3):249-256,8.基金项目
四川省科技计划"揭榜挂帅"项目(2024YFCY0001) (2024YFCY0001)
