Reducing Perturbation of Adversarial Examples via Projected Optimization Method

Jiaqi Zhou, Kunqing Wang, Wencong Han, Kai Yang, Hongwei Jiang, Quanxin Zhang

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Deep neural networks are vulnerable to the adversarial example. So far, the primary way of generating the adversarial example is comparing the success rates of the adversarial attack. However, the distance between the made example and the original example is also an essential indicator. In this paper, it is demonstrated that the optimization algorithm could reduce the perturbation of adversarial example generated by using the extremum loss function to obtain the perturbation. This paper introduces the OPA optimization algorithm and uses it to find the best advantage on the model decision boundary as the adversarial example. This paper tests four attack methods FGSM, BIM, MI-FGSM and CW, and measures the perturbation between the original sample and the generats sample by the Euclidean distance. And it is found that the noise of the sample image is significantly reduced by OPA optimization. It should be set in 12-point font size.

Original languageEnglish
Title of host publicationProceedings of 2020 IEEE International Conference on Power, Intelligent Computing and Systems, ICPICS 2020
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages148-150
Number of pages3
ISBN (Electronic)9781728198736
DOIs
Publication statusPublished - Jul 2020
Event2020 IEEE International Conference on Power, Intelligent Computing and Systems, ICPICS 2020 - Shenyang, China
Duration: 28 Jul 202030 Jul 2020

Publication series

NameProceedings of 2020 IEEE International Conference on Power, Intelligent Computing and Systems, ICPICS 2020

Conference

Conference2020 IEEE International Conference on Power, Intelligent Computing and Systems, ICPICS 2020
Country/TerritoryChina
CityShenyang
Period28/07/2030/07/20

Keywords

  • Adversarial example
  • Decision boundary
  • Image recognition

Fingerprint

Dive into the research topics of 'Reducing Perturbation of Adversarial Examples via Projected Optimization Method'. Together they form a unique fingerprint.

Cite this