Computer Science, 2022, Vol. 49, Issue (2): 83-91. doi: 10.11896/jsjkx.210800130

• Computer Vision: Theory and Application •

Multi-target Category Adversarial Example Generating Algorithm Based on GAN

LI Jian, GUO Yan-ming, YU Tian-yuan, WU Yu-lun, WANG Xiang-han, LAO Song-yang   

  1. College of Systems Engineering, National University of Defense Technology, Changsha 410073, China
  • Received: 2021-08-15 Revised: 2021-10-12 Online: 2022-02-15 Published: 2022-02-23
  • About author: LI Jian, born in 1996, postgraduate. His main research interests include computer vision and deep learning.
    GUO Yan-ming, born in 1989, associate professor. His main research interests include computer vision, natural language processing and deep learning.

Abstract: Although deep neural networks perform well in many areas, research shows that they are vulnerable to attacks from adversarial examples. There are many algorithms for attacking neural networks, but most of them are slow. The rapid generation of adversarial examples has therefore gradually become a focus of research in this area. AdvGAN is an algorithm that uses one network to attack another network, and it can generate adversarial examples much faster than other methods. However, when carrying out a targeted attack, AdvGAN needs to train a network for each target, so the efficiency of the attack is low. In this article, we propose a multi-target attack network (MTA) based on the generative adversarial network, which can complete multi-target attacks and quickly generate adversarial examples after training only once. Experiments show that MTA has a higher success rate than AdvGAN for targeted attacks on the CIFAR10 and MNIST datasets. We have also carried out adversarial example transfer experiments and attack experiments under defense. The results show that the adversarial examples generated by MTA are more transferable than those of other multi-target attack algorithms, and that MTA also has a higher attack success rate under defense.

Key words: Adversarial attack, Adversarial example, Generative adversarial network, Multi-target attack, Neural network

CLC Number: TP183