重庆工商大学学报(自然科学版)2025,Vol.42Issue(3):70-76,7.DOI:10.16055/j.issn.1672-058X.2025.0003.009
基于替代模型的黑盒迁移攻击方法
Black-box Transfer Attack Method Based on Substitute Models
摘要
Abstract
Objective To solve the problems of slow convergence and high cost of the existing data-free black-box attack methods based on generative adversarial networks,a novel black-box transfer attack method is proposed.Methods The method consists of two stages:training data synthesis and substitute model distillation.In the stage of training data synthesis,the generator is optimized to maximize the consistency between the outputs of the substitute model and the target model,and two loss functions are introduced to constrain the data distribution generated by the generator.In the stage of substitute model distillation,a substitute model is designed with residual blocks containing learnable parameters,and data synthesized by the generator is used to fit the decision boundary of the target model.By alternating between these two stages of training,the substitute model can better fit the decision boundary of the target model,thereby enhancing the attack effectiveness.Results Through a series of experiments,the success rate of non-targeted black-box attacks against the target model exceeded 70%.On the CIFAR100 dataset,compared with other black-box attack methods,the success rate of targeted attacks increased by more than 2%,and the required query budget was lower for achieving the same attack effect.Conclusion The proposed method efficiently fits the decision boundary of the target model and demonstrates good attack effectiveness.关键词
对抗样本/黑盒攻击/迁移攻击/替代模型蒸馏Key words
adversarial examples/black-box attack/transfer attack/substitute model distillation分类
计算机与自动化引用本文复制引用
曾繁茂,方贤进..基于替代模型的黑盒迁移攻击方法[J].重庆工商大学学报(自然科学版),2025,42(3):70-76,7.基金项目
国家自然科学基金项目(52374155). (52374155)
