Adversarial Example Generation Algorithm Based on Stable Adam and Space Domain Transformation
Deep neural networks have been widely used in natural language processing,target detection,and image classification.However,relevant studies have shown that deep neural networks are vulnerable to counter-sample attacks.Several existing attacks are based on the fast gradient sign method,which adds a disturbance of the same size to the input to achieve an attack effect.Although these methods are effective,they are not conducive to quickly finding adversarial examples with generalization ability.Therefore,to generalize the countermeasure samples,a gradient optimization method for stable adaptive moment estimation and spatial domain transformation is proposed to improve the existing algorithm for countermeasure sample generation.First,the Nesterov algorithm is introduced to update the first-order moment estimation.Inspired by the AdaBelief algorithm,the Belief parameter is introduced to the second-order moment estimation,and the decay step is calculated according to the exponential decay rate to obtain a more stable gradient.In addition,from the perspective of data enhancement,transforming the input samples in the spatial domain during the generation of confrontation samples is proposed.Unlike existing methods,this method updates the original gradient by weighting the gradients of different transformations to improve the mobility of confrontation samples.The experimental results show that the combination of the improved adaptive moment estimation and spatial-domain transformation gradient weighting algorithms can effectively improve the attack accuracy and mobility of adversarial samples.The white box attack success rate of the samples remains above 99.6%,while the black box attack success rate increases to 74.5%.
国家科技期刊平台
NSTL
万方数据
维普
