A Distributed Biased Boundary Attack Method in Black-Box Attack

A Distributed Biased Boundary Attack Method in Black-Box Attack

The adversarial samples threaten the effectiveness of machine learning (ML) models and algorithms in many applications. In particular, black-box attack methods are quite close to actual scenarios. Research on black-box attack methods and the generation of adversarial samples is helpful to discover t...

Descripción completa

Guardado en:
Detalles Bibliográficos
Autores principales: Fengtao Xiang, Jiahui Xu, Wanpeng Zhang, Weidong Wang
Formato: article
Lenguaje:EN
Publicado: MDPI AG 2021
Materias:
adversarial samples
black-box attacks
machine learning models
boundary attacks
Technology
T
Engineering (General). Civil engineering (General)
TA1-2040
Biology (General)
QH301-705.5
Physics
QC1-999
Chemistry
QD1-999
Acceso en línea:https://doaj.org/article/31fcb370a0354069ae9989ccb021af4e
Etiquetas: Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
id oai:doaj.org-article:31fcb370a0354069ae9989ccb021af4e
record_format dspace
spelling oai:doaj.org-article:31fcb370a0354069ae9989ccb021af4e2021-11-11T15:25:39ZA Distributed Biased Boundary Attack Method in Black-Box Attack10.3390/app1121104792076-3417https://doaj.org/article/31fcb370a0354069ae9989ccb021af4e2021-11-01T00:00:00Zhttps://www.mdpi.com/2076-3417/11/21/10479https://doaj.org/toc/2076-3417The adversarial samples threaten the effectiveness of machine learning (ML) models and algorithms in many applications. In particular, black-box attack methods are quite close to actual scenarios. Research on black-box attack methods and the generation of adversarial samples is helpful to discover the defects of machine learning models. It can strengthen the robustness of machine learning algorithms models. Such methods require queries frequently, which are less efficient. This paper has made improvements in the initial generation and the search for the most effective adversarial examples. Besides, it is found that some indicators can be used to detect attacks, which is a new foundation compared with our previous studies. Firstly, the paper proposed an algorithm to generate initial adversarial samples with a smaller L<sub>2</sub> norm; secondly, a combination between particle swarm optimization (PSO) and biased boundary adversarial attack (BBA) is proposed. It is the PSO-BBA. Experiments are conducted on the ImageNet. The PSO-BBA is compared with the baseline method. Experimental comparison results certificate that: (1) A distributed framework for adversarial attack methods is proposed; (2) The proposed initial point selection method can reduces query numbers effectively; (3) Compared to the original BBA, the proposed PSO-BBA algorithm accelerates the convergence speed and improves the accuracy of attack accuracy; (4) The improved PSO-BBA algorithm has preferable performance on targeted and non-targeted attacks; (5) The mean structural similarity (MSSIM) can be used as the indicators of adversarial attack.Fengtao XiangJiahui XuWanpeng ZhangWeidong WangMDPI AGarticleadversarial samplesblack-box attacksmachine learning modelsboundary attacksTechnologyTEngineering (General). Civil engineering (General)TA1-2040Biology (General)QH301-705.5PhysicsQC1-999ChemistryQD1-999ENApplied Sciences, Vol 11, Iss 10479, p 10479 (2021)
institution DOAJ
collection DOAJ
language EN
topic adversarial samples
black-box attacks
machine learning models
boundary attacks
Technology
T
Engineering (General). Civil engineering (General)
TA1-2040
Biology (General)
QH301-705.5
Physics
QC1-999
Chemistry
QD1-999
spellingShingle adversarial samples
black-box attacks
machine learning models
boundary attacks
Technology
T
Engineering (General). Civil engineering (General)
TA1-2040
Biology (General)
QH301-705.5
Physics
QC1-999
Chemistry
QD1-999
Fengtao Xiang
Jiahui Xu
Wanpeng Zhang
Weidong Wang
A Distributed Biased Boundary Attack Method in Black-Box Attack
description The adversarial samples threaten the effectiveness of machine learning (ML) models and algorithms in many applications. In particular, black-box attack methods are quite close to actual scenarios. Research on black-box attack methods and the generation of adversarial samples is helpful to discover the defects of machine learning models. It can strengthen the robustness of machine learning algorithms models. Such methods require queries frequently, which are less efficient. This paper has made improvements in the initial generation and the search for the most effective adversarial examples. Besides, it is found that some indicators can be used to detect attacks, which is a new foundation compared with our previous studies. Firstly, the paper proposed an algorithm to generate initial adversarial samples with a smaller L<sub>2</sub> norm; secondly, a combination between particle swarm optimization (PSO) and biased boundary adversarial attack (BBA) is proposed. It is the PSO-BBA. Experiments are conducted on the ImageNet. The PSO-BBA is compared with the baseline method. Experimental comparison results certificate that: (1) A distributed framework for adversarial attack methods is proposed; (2) The proposed initial point selection method can reduces query numbers effectively; (3) Compared to the original BBA, the proposed PSO-BBA algorithm accelerates the convergence speed and improves the accuracy of attack accuracy; (4) The improved PSO-BBA algorithm has preferable performance on targeted and non-targeted attacks; (5) The mean structural similarity (MSSIM) can be used as the indicators of adversarial attack.
format article
author Fengtao Xiang
Jiahui Xu
Wanpeng Zhang
Weidong Wang
author_facet Fengtao Xiang
Jiahui Xu
Wanpeng Zhang
Weidong Wang
author_sort Fengtao Xiang
title A Distributed Biased Boundary Attack Method in Black-Box Attack
title_short A Distributed Biased Boundary Attack Method in Black-Box Attack
title_full A Distributed Biased Boundary Attack Method in Black-Box Attack
title_fullStr A Distributed Biased Boundary Attack Method in Black-Box Attack
title_full_unstemmed A Distributed Biased Boundary Attack Method in Black-Box Attack
title_sort distributed biased boundary attack method in black-box attack
publisher MDPI AG
publishDate 2021
url https://doaj.org/article/31fcb370a0354069ae9989ccb021af4e
work_keys_str_mv AT fengtaoxiang adistributedbiasedboundaryattackmethodinblackboxattack
AT jiahuixu adistributedbiasedboundaryattackmethodinblackboxattack
AT wanpengzhang adistributedbiasedboundaryattackmethodinblackboxattack
AT weidongwang adistributedbiasedboundaryattackmethodinblackboxattack
AT fengtaoxiang distributedbiasedboundaryattackmethodinblackboxattack
AT jiahuixu distributedbiasedboundaryattackmethodinblackboxattack
AT wanpengzhang distributedbiasedboundaryattackmethodinblackboxattack
AT weidongwang distributedbiasedboundaryattackmethodinblackboxattack
_version_ 1718435299178053632

Ejemplares similares