Article: Gradient-free adversarial attack algorithm based on differential evolution Journal: International Journal of Bio-Inspired Computation (IJBIC) 2023 Vol.22 No.4 pp.217 - 226 Abstract: Deep learning models are susceptible to adversarial examples even in the black-box setting. This means there are security risks in intelligent systems based on deep learning. Research on adversarial attacks is crucial to improving the robustness of deep learning models. Most of the existing algorithms are query-intensive and require models to provide more detailed results. We focus on a restrictive threat model and propose a gradient-free adversarial attack algorithm based on differential evolution. In particular, we design two fitness functions to achieve targeted attacks and non-targeted attacks. And we introduce an elimination mechanism in the selection phase to speed up the convergence of the algorithm. Experiments on MNIST, CIFAR-10, and ImageNet show the effectiveness of the proposed method. The comparison with C&W, ZOO and GenAttack shows our method has better advantages in the attack success rate, the number of queries required for a successful attack, and the information obtained in a single query. Inderscience Publishers - linking academia, business and industry through research

Title: Gradient-free adversarial attack algorithm based on differential evolution

Authors: Qingan Da; Guoyin Zhang; Sizhao Li; Zechao Liu; Wenshan Wang

Addresses: College of Computer Science and Technology, Harbin Engineering University, Harbin, China ' College of Computer Science and Technology, Harbin Engineering University, Harbin, China ' College of Computer Science and Technology, Harbin Engineering University, Harbin, China ' College of Computer Science and Technology, Harbin Engineering University, Harbin, China ' College of Computer Science and Technology, Harbin Engineering University, Harbin, China

Abstract: Deep learning models are susceptible to adversarial examples even in the black-box setting. This means there are security risks in intelligent systems based on deep learning. Research on adversarial attacks is crucial to improving the robustness of deep learning models. Most of the existing algorithms are query-intensive and require models to provide more detailed results. We focus on a restrictive threat model and propose a gradient-free adversarial attack algorithm based on differential evolution. In particular, we design two fitness functions to achieve targeted attacks and non-targeted attacks. And we introduce an elimination mechanism in the selection phase to speed up the convergence of the algorithm. Experiments on MNIST, CIFAR-10, and ImageNet show the effectiveness of the proposed method. The comparison with C&W, ZOO and GenAttack shows our method has better advantages in the attack success rate, the number of queries required for a successful attack, and the information obtained in a single query.

Keywords: black-box adversarial attack; partial information setting; differential evolution; gradient-free.

DOI: 10.1504/IJBIC.2023.136087

International Journal of Bio-Inspired Computation, 2023 Vol.22 No.4, pp.217 - 226

Received: 05 Jul 2022
Accepted: 11 May 2023
Published online: 16 Jan 2024 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article

Title: Gradient-free adversarial attack algorithm based on differential evolution

Keep up-to-date