Pu Zhao, Kaidi Xu, Tianyun Zhang, M. Fardad, Yanzhi Wang, X. Lin
2018 IEEE Global Conference on Signal and Information Processing (GlobalSIP), published 2018-11-01. DOI: https://doi.org/10.1109/GLOBALSIP.2018.8646651
Reinforced Adversarial Attacks on Deep Neural Networks Using ADMM
As deep learning penetrates into wide application domains, it is essential to evaluate the robustness of deep neural networks (DNNs) under adversarial attacks, especially for some security-critical applications. To better understand the security properties of DNNs, we propose a general framework for constructing adversarial examples, based on ADMM (Alternating Direction Method of Multipliers). This general framework can be adapted to implement L2 and L0 attacks with minor changes. Our ADMM attacks require less distortion for incorrect classification compared with C&W attacks. Our ADMM attack is also able to break defenses such as defensive distillation and adversarial training, and provide strong attack transferability.