D. Nguyen, Do Minh Kha, Pham Thi To Nga, Pham Ngoc Hung
Published in: 2021 RIVF International Conference on Computing and Communication Technologies (RIVF), pp. 1-6, 2021-08-19. DOI: https://doi.org/10.1109/RIVF51545.2021.9642102
An Autoencoder-based Method for Targeted Attack on Deep Neural Network Models
This paper presents an autoencoder-based method for a targeted attack on deep neural network models, named AE4DNN. The proposed method aims to improve on existing targeted attacks in terms of their generalization, transferability, and the trade-off between the quality of adversarial examples and the computational cost. The idea of AE4DNN is that an autoencoder model is trained on a balanced subset of the training set. The trained autoencoder model is then used to generate adversarial examples from the remaining subset of the training set, produce adversarial examples from new samples, and attack other DNN models. To demonstrate the effectiveness of AE4DNN, it is compared with box-constrained L-BFGS, the Carlini-Wagner L2 attack, and AAE. A comprehensive experiment on MNIST has shown that AE4DNN can achieve better transferability, improve generalization, and generate high-quality adversarial examples while requiring a low computational cost. This initial result demonstrates the potential of AE4DNN in practice, which would help to reduce the effort of testing deep neural network models.