Jisuanji kexue (Apr 2023)
Adversarial Examples Generation Method Based on Image Color Random Transformation
Abstract
Although deep neural networks(DNNs) have good performance in most classification tasks,they are vulnerable to adversarial examples,making the security of DNNs questionable.Research designs to generate strongly aggressive adversarial examples can help improve the security and robustness of DNNs.Among the methods for generating adversarial examples,black-box attacks are more practical than white-box attacks,which need to rely on model structural parameters.Black-box attacks are gene-rally based on iterative methods to generate adversarial examples,which are less migratory,leading to a generally low success rate of their black-box attacks.To address this problem,introducing data enhancement techniques in the process of countermeasure example generation to randomly change the color of the original image within a limited range can effectively improve the migration of countermeasure examples,thus increasing the success rate of countermeasure example black box attacks.This method is validated through adversarial attack experiments on ImageNet dataset with normal network and adversarial training network,and the experimental results indicate that the method can effectively improve the mobility of the generated adversarial examples.
Keywords
