Journal of Zhengzhou University (Engineering Science), 2025, Vol. 46, Issue (6): 40-48, 9. DOI: 10.13705/j.issn.1671-6833.2025.03.007
Adversarial Attack Method Based on Genetic Recombination Knowledge Distillation Strategy
Abstract
To address the limitations of traditional ensemble attack methods, which were constrained by high computational resource requirements, including training data and time, a low computational complexity ensemble attack method based on genetic recombination was proposed. This method aimed to enhance the transferability of existing adversarial attacks by generating a more diverse set of ensemble models. Firstly, the concept of genetic recombination was introduced into knowledge distillation. In this process, student models were treated as independent individuals, with their parameters considered as genes. Each round of distillation learning was viewed as a gene evolution. Randomly exchanging parameters among student models during the evolution process achieved artificial genetic recombination, resulting in superior offspring genes. By setting different distillation temperatures, multiple diversified student models were obtained. Next, these diverse student models were integrated with the source teacher model. Finally, the integrated model was used to generate adversarial examples with stronger transferability. Experimental results on a subset of the ImageNet validation set demonstrated that the proposed method significantly improved the transferability of adversarial samples compared to other baseline algorithms. Using ResNet152 as the source model and PGD as the attack method, the proposed method achieved the highest transfer attack success rate across 11 black-box models, outperforming the baseline PGD method by an average of 34.52 percentage points, the PGI method by an average of 5.30 percentage points, and the DGM method by an average of 2.12 percentage points.
Key words
ensemble attacks / adversarial examples / transferability / genetic recombination / knowledge distillation
Classification
Information Technology and Security Science
Cite this article
刘明林, 周传金, 王润泽, 王超, 曹仰杰. Adversarial Attack Method Based on Genetic Recombination Knowledge Distillation Strategy [J]. Journal of Zhengzhou University (Engineering Science), 2025, 46(6): 40-48, 9.
Funding
National Natural Science Foundation of China (62302458)
Natural Science Foundation of Henan Province (222300420295)