Computer Science, 2023, Vol. 50, Issue (4): 110-116. doi: 10.11896/jsjkx.220300024

• Computer Graphics & Multimedia •

Adaptive Image Adversarial Reprogramming Based on Noise Invisibility Factors

LIU Yifan, OU Bo, XIONG Jianqin   

  1. College of Computer Science and Electronic Engineering, Hunan University, Changsha 410082, China
  • Received: 2022-03-02 Revised: 2022-08-30 Online: 2023-04-15 Published: 2023-04-06
  • About author: LIU Yifan, born in 1999, postgraduate. Her main research interests include adversarial attack and so on.
    OU Bo, born in 1985, Ph.D, associate professor, Ph.D. supervisor. His main research interests include reversible data hiding and the related topics.
  • Supported by: National Natural Science Foundation of China (61872128).

Abstract: Adversarial reprogramming is an attack method against deep neural networks. By adding a certain perturbation to the input image, the network can be made to execute the attacker's specified task, i.e., the legitimate permissions of the trained network model are violated. Understanding and investigating this kind of attack in depth is valuable for designing the corresponding anti-reprogramming algorithms. This paper discusses the relationship between the location of perturbations and the performance of adversarial reprogramming. Specifically, the noise visibility function is used to evaluate the adversarial distortion for each local region of content and to obtain the masking matrix. The adversarial perturbations are then added adaptively to optimize the attack task. Experimental results show that, for state-of-the-art deep network models, the proposed algorithm enhances the performance of the adversarial reprogramming attack and improves the imperceptibility of the modified image.

Key words: Adversarial attack, Adversarial reprogramming, Adaptive perturbation, Noise visibility function

CLC Number: TP309.7