Multi-objective evolutionary search of variable-length composite semantic perturbations

Published: 2024, Last Modified: 13 Nov 2024, Inf. Sci. 2024, CC BY-SA 4.0
Abstract: Deep neural networks have proven to be vulnerable to adversarial attacks that add specific perturbations to images to cause wrong outputs. Among these, semantic perturbations attract increasing attention due to their naturalness and physical realizability. However, existing work on semantic perturbations has two limitations. On the one hand, only a single type of semantic perturbation is devised, which easily causes poor attack performance, especially on the corresponding defended models. On the other hand, composite semantic perturbations (CSP) improve the attack performance by integrating multiple semantic perturbations but lack automatic optimization, for example of the attack order, which also leads to relatively low generalizability. To address these problems, we propose a novel method called multi-objective evolutionary search of variable-length composite semantic perturbations (MES-VCSP). Specifically, we construct the mathematical model of variable-length CSP, which allows the same type of attack to be performed multiple times, realizing a more efficient attack. In addition, we introduce a multi-objective evolutionary search consisting of NSGA-II and neighborhood search to find near-optimal variable-length attack sequences. Experimental results on multiple image classification datasets show that, compared with CSP, MES-VCSP can obtain adversarial examples with a higher attack success rate, more naturalness, and less time cost.