Abstract: Neural networks are vulnerable to inputs carrying human-imperceptible perturbations, known as adversarial examples. In image classification, adversarial examples mislead neural networks into assigning wrong labels to images, posing a great threat to network security. White-box attacks achieve a considerable success rate because the model structure is already known, but black-box attacks, and with them the transferability of adversarial examples, remain to be improved. We borrow the model augmentation method from the network training process and apply it to adversarial example generation to reduce overfitting. Building on fundamental methods for adversarial examples, we propose a multi-cropping transformation method to alleviate overfitting and enhance transferability. First, following data augmentation, we multi-crop the original images with random probability in every iteration of the adversarial example generation process. Second, the gradient of the model loss function is calculated and the perturbations are added to the original images. Finally, we generate adversarial examples with iterative perturbations. Our method is validated on single models and ensemble models, and transferability is improved compared with other fundamental methods.
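
A minimal sketch of the three steps the abstract lists (random multi-crop per iteration, loss gradient, iterative perturbation), added here as an illustration for robustness testing and not taken from the paper. The toy logistic model, the constructed 8x8 input, the crop-size range, `p_crop`, the number of crops per iteration and the nearest-neighbour resize are all assumptions, since the abstract gives no parameters.

```python
import numpy as np

def crop_resize_idx(n, rng, min_frac=0.75):
    """Random square crop, nearest-neighbour resized back to n x n.
    Returns, per output pixel, the flat index of its source pixel."""
    c = int(rng.integers(int(n * min_frac), n + 1))    # crop side (assumed range)
    r0, c0 = (int(v) for v in rng.integers(0, n - c + 1, size=2))
    src = np.arange(n) * c // n                        # output coord -> crop coord
    return ((r0 + src)[:, None] * n + (c0 + src)[None, :]).ravel()

def loss_grad(w, b, x, y):
    """d(binary cross-entropy)/dx for the toy model p = sigmoid(w.x + b)."""
    p = 1.0 / (1.0 + np.exp(-(w @ x + b)))
    return (p - y) * w

def multi_crop_attack(w, b, x, y, eps=0.1, steps=10, crops=4, p_crop=0.7, seed=0):
    """Iterative sign-gradient perturbation, gradient summed over random crops."""
    n = int(round(np.sqrt(x.size)))
    rng = np.random.default_rng(seed)
    alpha, x_adv = eps / steps, x.copy()
    for _ in range(steps):
        g = np.zeros_like(x)
        for _ in range(crops):
            # Step 1: with probability p_crop use a random crop, else the full image.
            idx = crop_resize_idx(n, rng) if rng.random() < p_crop else np.arange(x.size)
            # Step 2: loss gradient at the transformed image, scattered back to
            # the source pixels (the backward pass of crop + resize).
            np.add.at(g, idx, loss_grad(w, b, x_adv[idx], y))
        # Step 3: signed step, projected onto the L-inf ball and the pixel range.
        x_adv = np.clip(x_adv + alpha * np.sign(g), x - eps, x + eps)
        x_adv = np.clip(x_adv, 0.0, 1.0)
    return x_adv

def demo():
    """Constructed 8x8 input and toy classifier ("left half brighter than right")."""
    w = np.where(np.arange(64) % 8 < 4, 1.0, -1.0)
    x = np.where(np.arange(64) % 8 < 4, 0.51, 0.49)
    x_adv = multi_crop_attack(w, 0.0, x, y=1.0)
    return float(w @ x), float(w @ x_adv), float(np.abs(x_adv - x).max())
```

`demo()` returns the clean logit, the logit on the perturbed input and the L-infinity distance between the two inputs, so the same harness can be used to measure how far a model's decision moves under a fixed perturbation budget.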