Restricted Region Based Iterative Gradient Method for Non-Targeted Attack
Neural networks have been widely applied but they are still vulnerable to adversarial examples. More and more defense models have been proposed and they can resist the attacks to the neural networks. In order to generate adversarial examples with good transferability, we propose the restricted regio...
Main Authors: | , , , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
IEEE
2020-01-01
|
Series: | IEEE Access |
Subjects: | |
Online Access: | https://ieeexplore.ieee.org/document/8978619/ |
id |
doaj-d9e48f2e199f459e8aeb905528191e24 |
---|---|
record_format |
Article |
spelling |
doaj-d9e48f2e199f459e8aeb905528191e242021-03-30T02:36:35ZengIEEEIEEE Access2169-35362020-01-018252622527110.1109/ACCESS.2020.29710048978619Restricted Region Based Iterative Gradient Method for Non-Targeted AttackZhaoquan Gu0https://orcid.org/0000-0001-7546-852XWeixiong Hu1https://orcid.org/0000-0002-5474-991XChuanjing Zhang2https://orcid.org/0000-0003-1503-8274Le Wang3https://orcid.org/0000-0002-3610-9185Chunsheng Zhu4https://orcid.org/0000-0001-8041-0197Zhihong Tian5https://orcid.org/0000-0002-9409-5359Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, ChinaCyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, ChinaCyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, ChinaCyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, ChinaSUSTech Institute of Future Networks, Southern University of Science and Technology, Shenzhen, ChinaCyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, ChinaNeural networks have been widely applied but they are still vulnerable to adversarial examples. More and more defense models have been proposed and they can resist the attacks to the neural networks. In order to generate adversarial examples with good transferability, we propose the restricted region based iterative gradient method (RRI-GM) for non-targeted attack, which aims at generating adversarial examples to make black-box defense models output wrong decision. We first use object detection algorithm to restrict some key regions in the images, since we regard perturbation in the key region affects more than the whole image. To improve the efficiency of attacks, we use gradient-based attack methods and they show good performance. In addition, the process is iterated for multiple rounds to generate adversarial examples with good transferability. Furthermore, we conduct extensive experiments to validate the effectiveness of the proposed method, and the results show that our method can achieve good attack performance against black-box defense models.https://ieeexplore.ieee.org/document/8978619/Adversarial examplesblack-box attacktransferabilityrestrict regiongradient-based attacknon-targeted attack |
collection |
DOAJ |
language |
English |
format |
Article |
sources |
DOAJ |
author |
Zhaoquan Gu Weixiong Hu Chuanjing Zhang Le Wang Chunsheng Zhu Zhihong Tian |
spellingShingle |
Zhaoquan Gu Weixiong Hu Chuanjing Zhang Le Wang Chunsheng Zhu Zhihong Tian Restricted Region Based Iterative Gradient Method for Non-Targeted Attack IEEE Access Adversarial examples black-box attack transferability restrict region gradient-based attack non-targeted attack |
author_facet |
Zhaoquan Gu Weixiong Hu Chuanjing Zhang Le Wang Chunsheng Zhu Zhihong Tian |
author_sort |
Zhaoquan Gu |
title |
Restricted Region Based Iterative Gradient Method for Non-Targeted Attack |
title_short |
Restricted Region Based Iterative Gradient Method for Non-Targeted Attack |
title_full |
Restricted Region Based Iterative Gradient Method for Non-Targeted Attack |
title_fullStr |
Restricted Region Based Iterative Gradient Method for Non-Targeted Attack |
title_full_unstemmed |
Restricted Region Based Iterative Gradient Method for Non-Targeted Attack |
title_sort |
restricted region based iterative gradient method for non-targeted attack |
publisher |
IEEE |
series |
IEEE Access |
issn |
2169-3536 |
publishDate |
2020-01-01 |
description |
Neural networks have been widely applied but they are still vulnerable to adversarial examples. More and more defense models have been proposed and they can resist the attacks to the neural networks. In order to generate adversarial examples with good transferability, we propose the restricted region based iterative gradient method (RRI-GM) for non-targeted attack, which aims at generating adversarial examples to make black-box defense models output wrong decision. We first use object detection algorithm to restrict some key regions in the images, since we regard perturbation in the key region affects more than the whole image. To improve the efficiency of attacks, we use gradient-based attack methods and they show good performance. In addition, the process is iterated for multiple rounds to generate adversarial examples with good transferability. Furthermore, we conduct extensive experiments to validate the effectiveness of the proposed method, and the results show that our method can achieve good attack performance against black-box defense models. |
topic |
Adversarial examples black-box attack transferability restrict region gradient-based attack non-targeted attack |
url |
https://ieeexplore.ieee.org/document/8978619/ |
work_keys_str_mv |
AT zhaoquangu restrictedregionbasediterativegradientmethodfornontargetedattack AT weixionghu restrictedregionbasediterativegradientmethodfornontargetedattack AT chuanjingzhang restrictedregionbasediterativegradientmethodfornontargetedattack AT lewang restrictedregionbasediterativegradientmethodfornontargetedattack AT chunshengzhu restrictedregionbasediterativegradientmethodfornontargetedattack AT zhihongtian restrictedregionbasediterativegradientmethodfornontargetedattack |
_version_ |
1724184901401444352 |