An Adversarial Attack Based on Multi-objective Optimization in the Black-Box Scenario: MOEA-APGA II

Chunkai Zhang; Yepeng Deng; Xin Guo; Xuan Wang; Chuanyi Liu

doi:10.1007/978-3-030-41579-2_35

An Adversarial Attack Based on Multi-objective Optimization in the Black-Box Scenario: MOEA-APGA II

Chunkai Zhang
, Yepeng Deng
, Xin Guo
, Xuan Wang
, Chuanyi Liu^*

^*Corresponding author for this work

Harbin Institute of Technology Shenzhen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Various approaches have been proposed to exploit the vulnerability to challenge the robustness of victim models, in the black-box scenario, it is difficult to generate barely noticeable adversarial examples while guaranteeing the attack success rate. Although some methods could solve this problem to some extent, the imperceptibility of the generated perturbations is still far from that of the most advanced attack, worse still, it is infeasible to attack the color image datasets due to its inefficiency. In MOEA-APGA II, We propose the new objective function and the novel population evolution strategies to reduce the average distortion without sacrificing the attack success rate, and compared to the state-of-the-art black-box attack (ZOO), our method achieves a better attack success rate under fewer queries on the benchmark datasets.

Original language	English
Title of host publication	Information and Communications Security - 21st International Conference, ICICS 2019, Revised Selected Papers
Editors	Jianying Zhou, Xiapu Luo, Qingni Shen, Zhen Xu
Publisher	Springer
Pages	603-612
Number of pages	10
ISBN (Print)	9783030415785
DOIs	https://doi.org/10.1007/978-3-030-41579-2_35
State	Published - 2020
Externally published	Yes
Event	21st International Conference on Information and Communications Security, ICICS 2019 - Beijing, China Duration: 15 Dec 2019 → 17 Dec 2019

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	11999 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	21st International Conference on Information and Communications Security, ICICS 2019
Country/Territory	China
City	Beijing
Period	15/12/19 → 17/12/19

Keywords

Adversarial examples
Black-box attack
Multi-objective optimization

Access to Document

10.1007/978-3-030-41579-2_35

Cite this

Zhang, C., Deng, Y., Guo, X., Wang, X., & Liu, C. (2020). An Adversarial Attack Based on Multi-objective Optimization in the Black-Box Scenario: MOEA-APGA II. In J. Zhou, X. Luo, Q. Shen, & Z. Xu (Eds.), Information and Communications Security - 21st International Conference, ICICS 2019, Revised Selected Papers (pp. 603-612). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11999 LNCS). Springer. https://doi.org/10.1007/978-3-030-41579-2_35

Zhang, Chunkai ; Deng, Yepeng ; Guo, Xin et al. / An Adversarial Attack Based on Multi-objective Optimization in the Black-Box Scenario : MOEA-APGA II. Information and Communications Security - 21st International Conference, ICICS 2019, Revised Selected Papers. editor / Jianying Zhou ; Xiapu Luo ; Qingni Shen ; Zhen Xu. Springer, 2020. pp. 603-612 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{1fe7075e414742daa8b73ce08031d02d,

title = "An Adversarial Attack Based on Multi-objective Optimization in the Black-Box Scenario: MOEA-APGA II",

abstract = "Various approaches have been proposed to exploit the vulnerability to challenge the robustness of victim models, in the black-box scenario, it is difficult to generate barely noticeable adversarial examples while guaranteeing the attack success rate. Although some methods could solve this problem to some extent, the imperceptibility of the generated perturbations is still far from that of the most advanced attack, worse still, it is infeasible to attack the color image datasets due to its inefficiency. In MOEA-APGA II, We propose the new objective function and the novel population evolution strategies to reduce the average distortion without sacrificing the attack success rate, and compared to the state-of-the-art black-box attack (ZOO), our method achieves a better attack success rate under fewer queries on the benchmark datasets.",

keywords = "Adversarial examples, Black-box attack, Multi-objective optimization",

author = "Chunkai Zhang and Yepeng Deng and Xin Guo and Xuan Wang and Chuanyi Liu",

note = "Publisher Copyright: {\textcopyright} 2020, Springer Nature Switzerland AG.; 21st International Conference on Information and Communications Security, ICICS 2019 ; Conference date: 15-12-2019 Through 17-12-2019",

year = "2020",

doi = "10.1007/978-3-030-41579-2\_35",

language = "英语",

isbn = "9783030415785",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "603--612",

editor = "Jianying Zhou and Xiapu Luo and Qingni Shen and Zhen Xu",

booktitle = "Information and Communications Security - 21st International Conference, ICICS 2019, Revised Selected Papers",

address = "德国",

}

Zhang, C, Deng, Y, Guo, X, Wang, X & Liu, C 2020, An Adversarial Attack Based on Multi-objective Optimization in the Black-Box Scenario: MOEA-APGA II. in J Zhou, X Luo, Q Shen & Z Xu (eds), Information and Communications Security - 21st International Conference, ICICS 2019, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11999 LNCS, Springer, pp. 603-612, 21st International Conference on Information and Communications Security, ICICS 2019, Beijing, China, 15/12/19. https://doi.org/10.1007/978-3-030-41579-2_35

An Adversarial Attack Based on Multi-objective Optimization in the Black-Box Scenario: MOEA-APGA II. / Zhang, Chunkai; Deng, Yepeng; Guo, Xin et al.
Information and Communications Security - 21st International Conference, ICICS 2019, Revised Selected Papers. ed. / Jianying Zhou; Xiapu Luo; Qingni Shen; Zhen Xu. Springer, 2020. p. 603-612 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11999 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - An Adversarial Attack Based on Multi-objective Optimization in the Black-Box Scenario

T2 - 21st International Conference on Information and Communications Security, ICICS 2019

AU - Zhang, Chunkai

AU - Deng, Yepeng

AU - Guo, Xin

AU - Wang, Xuan

AU - Liu, Chuanyi

PY - 2020

Y1 - 2020

N2 - Various approaches have been proposed to exploit the vulnerability to challenge the robustness of victim models, in the black-box scenario, it is difficult to generate barely noticeable adversarial examples while guaranteeing the attack success rate. Although some methods could solve this problem to some extent, the imperceptibility of the generated perturbations is still far from that of the most advanced attack, worse still, it is infeasible to attack the color image datasets due to its inefficiency. In MOEA-APGA II, We propose the new objective function and the novel population evolution strategies to reduce the average distortion without sacrificing the attack success rate, and compared to the state-of-the-art black-box attack (ZOO), our method achieves a better attack success rate under fewer queries on the benchmark datasets.

AB - Various approaches have been proposed to exploit the vulnerability to challenge the robustness of victim models, in the black-box scenario, it is difficult to generate barely noticeable adversarial examples while guaranteeing the attack success rate. Although some methods could solve this problem to some extent, the imperceptibility of the generated perturbations is still far from that of the most advanced attack, worse still, it is infeasible to attack the color image datasets due to its inefficiency. In MOEA-APGA II, We propose the new objective function and the novel population evolution strategies to reduce the average distortion without sacrificing the attack success rate, and compared to the state-of-the-art black-box attack (ZOO), our method achieves a better attack success rate under fewer queries on the benchmark datasets.

KW - Adversarial examples

KW - Black-box attack

KW - Multi-objective optimization

UR - https://www.scopus.com/pages/publications/85081180161

U2 - 10.1007/978-3-030-41579-2_35

DO - 10.1007/978-3-030-41579-2_35

M3 - 会议稿件

AN - SCOPUS:85081180161

SN - 9783030415785

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 603

EP - 612

BT - Information and Communications Security - 21st International Conference, ICICS 2019, Revised Selected Papers

A2 - Zhou, Jianying

A2 - Luo, Xiapu

A2 - Shen, Qingni

A2 - Xu, Zhen

PB - Springer

Y2 - 15 December 2019 through 17 December 2019

ER -

Zhang C, Deng Y, Guo X, Wang X , Liu C. An Adversarial Attack Based on Multi-objective Optimization in the Black-Box Scenario: MOEA-APGA II. In Zhou J, Luo X, Shen Q, Xu Z, editors, Information and Communications Security - 21st International Conference, ICICS 2019, Revised Selected Papers. Springer. 2020. p. 603-612. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-41579-2_35

An Adversarial Attack Based on Multi-objective Optimization in the Black-Box Scenario: MOEA-APGA II

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this