Volume 30 Issue 5
Sep.  2021
YU Tingyue, WANG Shen, ZHANG Chunrui, WANG Zhenbang, LI Yetian, YU Xiangzhan. Targeted Adversarial Examples Generating Method Based on cVAE in Black Box Settings[J]. Chinese Journal of Electronics, 2021, 30(5): 866-875. doi: 10.1049/cje.2021.06.009

Targeted Adversarial Examples Generating Method Based on cVAE in Black Box Settings

doi: 10.1049/cje.2021.06.009
Funds:

This work is supported by the National Defense Basic Scientific Research Program of China (No.JCKY2018603B006) and Sichuan Science and Technology Program (No.2019YFSY0049).

  • Received Date: 2020-05-09
    Available Online: 2021-09-02
  • In recent years, adversarial examples have become one of the most important security threats in deep learning applications. To test the security of deep learning models in adversarial environments, much research focuses on generating adversarial examples quickly and efficiently. To solve the problem that existing generative adversarial network based methods cannot effectively generate targeted adversarial examples in black box settings, and to improve on the temporal performance of gradient-based generating methods, this paper proposes an adversarial example generating method based on a conditional Variational autoencoder (cVAE). The cVAE is designed to generate adversarial examples without most of the detailed information about the attacked deep learning models; these crafted inputs can control the models' output arbitrarily and are used to test the robustness of deep learning models against adversarial examples. The experimental results show that the proposed method achieves a comparable attack success rate and better temporal performance than the existing gradient-based generating methods in a black box environment.