Impact Statement:The adversarial attack is an emerging topic related to the security in machine learning, which perturbs test samples to make them misclassified by well-trained models. Wh...Show More
Abstract:
The sparse adversarial attack has attracted increasing attention due to the merit of a low attack cost via changing a small number of pixels. However, the generated adver...Show MoreMetadata
Impact Statement:
The adversarial attack is an emerging topic related to the security in machine learning, which perturbs test samples to make them misclassified by well-trained models. While existing methods can perform either imperceivable or sparse adversarial attacks, it is difficult to generate imperceivable and sparse perturbations that are easy to achieve and hard to detect in vision. Hence, this work proposes an imperceivable and sparse adversarial attack method, on the basis of a new coevolutionary algorithm. This work suggests not only an effective and practical adversarial attack method, but also a powerful evolutionary algorithm for solving complex multi-objective optimization problems.
Abstract:
The sparse adversarial attack has attracted increasing attention due to the merit of a low attack cost via changing a small number of pixels. However, the generated adversarial examples are easily detected in vision since the perturbation to each pixel is relatively large. To achieve imperceptible and sparse adversarial attacks, this article formulates a bi-objective constrained optimization problem, simultaneously minimizing the \ell _{0} and \ell _{2} distances to the original image, and proposes a dual-population-based constrained evolutionary algorithm to solve it. The proposed method solves the optimization problem by evolving two populations, where one population is responsible for finding feasible solutions (i.e., successful attacks) and the other one is to minimize both the \ell _{0} and \ell _{2} distances. Moreover, a population initialization strategy and two genetic operators are customized to accelerate the convergence speed. Experimental results indicate that the proposed method can achieve high success rates with low attack costs, and strikes a better balance between the \ell _{0} and \ell _{2} distances than state-of-the-art methods.
Published in: IEEE Transactions on Artificial Intelligence ( Volume: 4, Issue: 2, April 2023)