Go to DBLP homepageTargeted Universal Adversarial Attack Based on Fourier Transform
Abstract: The existence of adversarial example reveals the fragility in neural networks, and the exploration of their theoretical origins increases the interpretability of deep learning, enhances researchers’ understanding of neural networks, and contributes to the development of next-generation artificial intelligence, which has attracted widespread research in various fields. The targeted adversarial attack problem based on sample features faces two problems: on the one hand, the difference in the model’s attention to different features in the example; On the other hand, the bias that occurs in adversarial attacks can have an impact on targeted attacks. The mechanism of the human eye relies more on the shape information of the image. However, in the past, artificial intelligence models based on convolutional neural networks often relied on the texture features of image examples to make decisions. At present, general optimize adversarial attack algorithms do not distinguish different types of features based on different parts of the image, but only process the entire example in a general manner, making it difficult to effectively utilize the effective features in the example, resulting in poor algorithm performance and interpretability. This article optimizes the adversarial attack algorithm based on optimization iteration, as follows: Firstly, different types of information in adversarial examples are studied, and fourier transform technology is used to process the attacked original image and obtain its low-frequency information. The obtained low-frequency examples are randomly cropped to obtain some feature examples. Then, the clustering effect was studied when the examples were attacked without targets, and an inter-class smoothing loss was designed to improve the success rate of target attacks. This Rebalance Universal Feature Method (RFM) is based on fourier low pass filtering and inter-class smoothing, which effectively improves the ability of optimization iteration based targeted adversarial attack algorithms. The effectiveness of the method has been demonstrated through experiments.
Loading