电子科技大学学报2026,Vol.55Issue(2):263-274,12.DOI:10.12178/1001-0548.2024336
一种频率驱动的黑盒对抗攻击方法
A frequency-driven black box adversarial attack method
摘要
Abstract
Enhancing the understanding of adversarial examples is crucial for ensuring the security of machine learning models in real-world applications.To address the insufficiency of existing research on the relationship between adversarial perturbations and their frequency components,this work investigates the representation of adversarial perturbations in the frequency domain and proposes an efficient black-box adversarial attack method.By applying wavelet packet decomposition to perform multi-scale frequency analysis of adversarial examples,it is found that adversarial perturbations are predominantly concentrated in the high-frequency components within low-frequency bands.Based on this observation,we design a black-box attack adversarial algorithm that incorporates specific frequency band information and introduce a normalized disturbance visibility(NDV)index to overcome the limitations of traditional norm-based metrics when evaluating both continuous and discrete perturbations.Experiments conducted on multiple benchmark datasets and models show that the proposed multi-band composite attack achieves an average success rate of 99%,significantly outperforming single-band attack approaches and demonstrating superior performance across seven evaluation metrics.Moreover,the NDV index effectively addresses the shortcomings of traditional norms,offering a more accurate and perceptually meaningful assessment of adversarial perturbations.关键词
黑盒对抗攻击/频域/机器学习/小波包分解Key words
black box adversarial attack/frequency domain/machine learning/wavelet packet decomposition分类
信息技术与安全科学引用本文复制引用
张准,曾逸,刘启和,叶飞,周世杰..一种频率驱动的黑盒对抗攻击方法[J].电子科技大学学报,2026,55(2):263-274,12.基金项目
四川省自然科学基金(25NSFSC1269) (25NSFSC1269)
