Journal of University of Chinese Academy of Sciences ›› 2022, Vol. 39 ›› Issue (3): 421-431. DOI: 10.7523/j.ucas.2020.0034

• Brief Report •

Image adversarial attack algorithm based on high-dimensional feature

LIN Daquan (1,2,3), FAN Rui (1), ZHANG Liangfeng (1)

  1. School of Information Science & Technology, ShanghaiTech University, Shanghai 201210, China;
  2. Shanghai Institute of Microsystem and Information Technology, Chinese Academy of Sciences, Shanghai 200050, China;
  3. University of Chinese Academy of Sciences, Beijing 100049, China
  • Received: 2020-04-23 Revised: 2020-05-18 Published: 2021-06-01
  • Corresponding author: LIN Daquan
  • Supported by: National Natural Science Foundation of China (61602304)

Abstract: To attack state-of-the-art adversarial defense methods, an image adversarial attack algorithm based on high-dimensional features, called FB-PGD (feature based projected gradient descent), is proposed. It iteratively adds perturbation to the clean image so that the features of that image become similar to the features of a target image, thereby generating adversarial examples. In the experimental section, comparison with existing adversarial attack algorithms on a variety of datasets and defense models shows that FB-PGD not only has strong attack performance against earlier defense methods but also increases the attack success rate by more than 20% over common adversarial attack algorithms on two state-of-the-art defense methods. FB-PGD can therefore be used as a new benchmark for testing defense methods.

Key words: adversarial examples, robustness, image classification, deep learning, security
