An Autoencoder-based Method for Targeted Attack on Deep Neural Network Models

2021 RIVF International Conference on Computing and Communication Technologies (RIVF) Pub Date : 2021-08-19 DOI:10.1109/RIVF51545.2021.9642102

D. Nguyen, Do Minh Kha, Pham Thi To Nga, Pham Ngoc Hung

{"title":"An Autoencoder-based Method for Targeted Attack on Deep Neural Network Models","authors":"D. Nguyen, Do Minh Kha, Pham Thi To Nga, Pham Ngoc Hung","doi":"10.1109/RIVF51545.2021.9642102","DOIUrl":null,"url":null,"abstract":"This paper presents an autoencoder-based method for a targeted attack on deep neural network models, named AE4DNN. The proposed method aims to improve the existing targeted attacks in terms of their generalization, transferability, and the trade-off between the quality of adversarial examples and the computational cost. The idea of AE4DNN is that an autoencoder model is trained from a balanced subset of the training set. The trained autoencoder model is then used to generate adversarial examples from the remaining subset of the training set, produce adversarial examples from new samples, and attack other DNN models. To demonstrate the effectiveness of AE4DNN, the compared methods are box-constrained L-BFGS, Carlini-Wagner ‖L‖2 attack, and AAE. The comprehensive experiment on MNIST has shown that AE4DNN can gain a better transferability, improve generalization, and generate high quality of adversarial examples while requiring a low cost of computation. This initial result demonstrates the potential ability of AE4DNN in practice, which would help to reduce the effort of testing deep neural network models.","PeriodicalId":6860,"journal":{"name":"2021 RIVF International Conference on Computing and Communication Technologies (RIVF)","volume":"8 1","pages":"1-6"},"PeriodicalIF":0.0000,"publicationDate":"2021-08-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 RIVF International Conference on Computing and Communication Technologies (RIVF)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/RIVF51545.2021.9642102","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

This paper presents an autoencoder-based method for a targeted attack on deep neural network models, named AE4DNN. The proposed method aims to improve the existing targeted attacks in terms of their generalization, transferability, and the trade-off between the quality of adversarial examples and the computational cost. The idea of AE4DNN is that an autoencoder model is trained from a balanced subset of the training set. The trained autoencoder model is then used to generate adversarial examples from the remaining subset of the training set, produce adversarial examples from new samples, and attack other DNN models. To demonstrate the effectiveness of AE4DNN, the compared methods are box-constrained L-BFGS, Carlini-Wagner ‖L‖2 attack, and AAE. The comprehensive experiment on MNIST has shown that AE4DNN can gain a better transferability, improve generalization, and generate high quality of adversarial examples while requiring a low cost of computation. This initial result demonstrates the potential ability of AE4DNN in practice, which would help to reduce the effort of testing deep neural network models.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

基于自编码器的深度神经网络模型目标攻击方法

本文提出了一种基于自编码器的深度神经网络模型定向攻击方法，命名为AE4DNN。提出的方法旨在从泛化、可转移性以及对抗性示例的质量和计算成本之间的权衡等方面改进现有的目标攻击。AE4DNN的思想是从训练集的平衡子集中训练自编码器模型。然后使用训练好的自编码器模型从训练集的剩余子集中生成对抗性示例，从新样本中生成对抗性示例，并攻击其他DNN模型。为了证明AE4DNN的有效性，比较的方法是盒约束的L- bfgs, Carlini-Wagner‖L‖2攻击和AAE。在MNIST上的综合实验表明，AE4DNN可以获得更好的可转移性，提高泛化能力，生成高质量的对抗样例，同时需要较低的计算成本。这一初步结果证明了AE4DNN在实践中的潜在能力，这将有助于减少测试深度神经网络模型的工作量。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2021 RIVF International Conference on Computing and Communication Technologies (RIVF)

自引率

0.00%

发文量