How Secure Are The Adversarial Examples Themselves?

ICASSP 2022 - 2022 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP) Pub Date : 2022-05-23 DOI:10.1109/ICASSP43922.2022.9747206

Hui Zeng, Kang Deng, Biwei Chen, Anjie Peng

{"title":"How Secure Are The Adversarial Examples Themselves?","authors":"Hui Zeng, Kang Deng, Biwei Chen, Anjie Peng","doi":"10.1109/ICASSP43922.2022.9747206","DOIUrl":null,"url":null,"abstract":"Existing adversarial example generation algorithms mainly consider the success rate of spoofing target model, but pay little attention to its own security. In this paper, we propose the concept of adversarial example security as how unlikely themselves can be detected. A two-step test is proposed to deal with the adversarial attacks of different strengths. Game theory is introduced to model the interplay between the attacker and the investigator. By solving Nash equilibrium, the optimal strategies of both parties are obtained, and the security of the attacks is evaluated. Five typical attacks are compared on the ImageNet. The results show that a rational attacker tends to use a relatively weak strength. By comparing the ROC curves under Nash equilibrium, it is observed that the constrained perturbation attacks are more secure than the optimized perturbation attacks in face of the two-step test. The proposed framework can be used to evaluate the security of various potential attacks and further the research of adversarial example generation/detection.","PeriodicalId":272439,"journal":{"name":"ICASSP 2022 - 2022 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP)","volume":"21 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ICASSP 2022 - 2022 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICASSP43922.2022.9747206","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Existing adversarial example generation algorithms mainly consider the success rate of spoofing target model, but pay little attention to its own security. In this paper, we propose the concept of adversarial example security as how unlikely themselves can be detected. A two-step test is proposed to deal with the adversarial attacks of different strengths. Game theory is introduced to model the interplay between the attacker and the investigator. By solving Nash equilibrium, the optimal strategies of both parties are obtained, and the security of the attacks is evaluated. Five typical attacks are compared on the ImageNet. The results show that a rational attacker tends to use a relatively weak strength. By comparing the ROC curves under Nash equilibrium, it is observed that the constrained perturbation attacks are more secure than the optimized perturbation attacks in face of the two-step test. The proposed framework can be used to evaluate the security of various potential attacks and further the research of adversarial example generation/detection.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

对抗性例子本身有多安全?

现有的对抗样例生成算法主要考虑欺骗目标模型的成功率，而很少考虑其自身的安全性。在本文中，我们提出了对抗性示例安全性的概念，即它们自身不太可能被检测到的程度。提出了一种两步测试方法来处理不同强度的对抗性攻击。博弈论被引入来模拟攻击者和调查者之间的相互作用。通过求解纳什均衡，得到了双方的最优策略，并对攻击的安全性进行了评价。在ImageNet上比较了五种典型的攻击。结果表明，理性的攻击者倾向于使用相对较弱的强度。通过比较Nash均衡下的ROC曲线，可以发现在两步检验中，约束摄动攻击比优化摄动攻击更安全。该框架可用于评估各种潜在攻击的安全性，并进一步研究对抗示例生成/检测。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

ICASSP 2022 - 2022 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP)

自引率

0.00%

发文量