Title: Adversarial transformation network with adaptive perturbations for generating adversarial examples

Authors: Guoyin Zhang; Qingan Da; Sizhao Li; Jianguo Sun; Wenshan Wang; Qing Hu; Jiashuai Lu

Addresses: College of Computer Science and Technology, Harbin Engineering University, Harbin, China; College of Computer Science and Technology, Harbin Engineering University, Harbin, China; College of Computer Science and Technology, Harbin Engineering University, Harbin, China; College of Computer Science and Technology, Harbin Engineering University, Harbin, China; College of Computer Science and Technology, Harbin Engineering University, Harbin, China; Information Centre of China North Industries Group Corporation, No. 10, Chedaogou, Haidian District, Beijing, China; Department of Computer Science, The University of Texas at Dallas, Richardson, USA

Abstract: Deep neural networks are susceptible to adversarial examples, which can mislead or even manipulate the predictive behaviour of deep neural networks. This raises concerns about the safety of deep learning. In this paper, to ensure rapid generation of adversarial examples, we propose an adversarial transformation network with adaptive perturbations by using the framework of a generative adversarial network. For the adversarial training phase, the direction of the adversarial perturbation is adaptively adjusted to generate more adversarial examples with transferability. In addition, the perceptual constraint based on game theory, the pixel-level constraint based on mixed norms, and the target constraint based on the C&W method are introduced to guide the optimisation of the generator. Experiments conducted on MNIST, CIFAR-10, and ImageNet show that the proposed algorithm can generate adversarial examples with stronger attack abilities in a shorter time. The proposed algorithm can also generate more transferable adversarial examples when attacking models with similar structures.

Keywords: adversarial examples; adaptive perturbations; adversarial transformation network; transferability; mixed norms constraint.

DOI: 10.1504/IJBIC.2022.126789

International Journal of Bio-Inspired Computation, 2022 Vol.20 No.2, pp.94 - 103

Received: 10 Sep 2021
Received in revised form: 21 Apr 2022
Accepted: 06 May 2022

Published online: 07 Nov 2022
