Sample Based Fast Adversarial Attack Method

摘要

Deep neural network (DNN) brings the rapid development of pattern recognition algorithms. However, a large number of experiments show that there are some vulnerabilities in DNNs. Though many adversarial samples generating algorithms has been proposed, most of them based on some known information of attacked model. We proposed a new fast black-box adversarial attack algorithm purely based on data samples. First, we find the key difference between different classes based on principle component analysis and calculate the difference vector. During attacking, we just drive a sample to the target class (for target adversarial) or the nearest other class (for misclassification adversarial). The minimum modification to create an target adversarial sample is obtained by bi-section line search along the difference vector from current class to target class. For misclassification adversarial attack, the minimum modification among all other classes is given. Experimental results show that the proposed algorithm generating comparable adversarial samples much fast then classical attack algorithms.