TY - GEN
T1 - Black-box decision based adversarial attack with symmetric α-stable distribution
AU - Srinivasan, Vignesh
AU - Kuruoglu, Ercan E.
AU - Müller, Klaus Robert
AU - Samek, Wojciech
AU - Nakajima, Shinichi
N1 - Funding Information:
E. E. Kuruoglu’s stay at Fraunhofer HHI was funded by the CNR Short Term Mobility Program.
Funding Information:
This work was supported by the German Ministry for Education and Research as Berlin Big Data Center BBDC (funding mark 01IS18025A) and Berlin Center for Machine Learning BZML (funding mark 01IS18037I). The work of K.-R. Müller was supported by the Institute for Information and Communications Technology Promotion Grant funded by the Korea government (MSIT) (No. 2017-00451, No. 2017-0-01779).
Publisher Copyright:
© 2019 IEEE
PY - 2019/9
Y1 - 2019/9
N2 - Developing techniques for adversarial attack and defense is an important research field for establishing reliable machine learning and its applications. Many existing methods employ Gaussian random variables for exploring the data space to find the most adversarial (for attacking) or least adversarial (for defense) point. However, the Gaussian distribution is not necessarily the optimal choice when the exploration is required to follow the complicated structure that most real-world data distributions exhibit. In this paper, we investigate how statistics of random variables affect such random walk exploration. Specifically, we generalize the Boundary Attack, a state-of-the-art blackbox decision based attacking strategy, and propose the Lévy-Attack, where the random walk is driven by symmetric α-stable random variables. Our experiments on MNIST and CIFAR10 datasets show that the Lévy-Attack explores the image data space more efficiently, and significantly improves the performance. Our results also give an insight into the recently found fact in the whitebox attacking scenario that the choice of the norm for measuring the amplitude of the adversarial patterns is essential.
KW - Adversarial attack
KW - Deep neural networks
KW - Image classification
KW - α-stable distribution
UR - http://www.scopus.com/inward/record.url?scp=85075609502&partnerID=8YFLogxK
U2 - 10.23919/EUSIPCO.2019.8902630
DO - 10.23919/EUSIPCO.2019.8902630
M3 - Conference contribution
AN - SCOPUS:85075609502
T3 - European Signal Processing Conference
BT - EUSIPCO 2019 - 27th European Signal Processing Conference
PB - European Signal Processing Conference, EUSIPCO
T2 - 27th European Signal Processing Conference, EUSIPCO 2019
Y2 - 2 September 2019 through 6 September 2019
ER -