Computer Science ›› 2022, Vol. 49 ›› Issue (10): 285-290. doi: 10.11896/jsjkx.210900254
杨文博, 原继东
YANG Wen-bo, YUAN Ji-dong
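Abstract: Deep neural networks used for time series classification are vulnerable to adversarial attacks, which leaves the models with potential security problems. Existing time series attack methods all apply global perturbations based on gradient information, and the adversarial samples they generate are easily perceived. To address this, the paper proposes a local black-box attack method that requires no gradient information. First, the adversarial attack is formulated as a constrained optimization problem, under the assumption that no internal information about the attacked model can be obtained; a genetic algorithm is then used to solve this problem; finally, because time series shapelets provide the most discriminative information between classes, they are designed as the local perturbation intervals. Experimental results show that, on UCR datasets with potential security risks, the proposed method can effectively attack deep neural networks and generate adversarial samples. In addition, compared with the baseline algorithm, the proposed algorithm significantly reduces the mean squared error while maintaining a high attack success rate.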