S-JSMA: A fast JSMA adversarial example generation method with low disturbance redundancy

Techniques based on deep learning neural network models are widely used in computer vision, natural language processing, and other fields. However, researchers have found that neural network models carry significant security risks, such as vulnerability to adversarial example attacks. Studying adversarial example techniques for image classification helps people recognize the vulnerability of neural network models, which in turn promotes research on security hardening mechanisms for those models. To address the high time overhead and perturbation redundancy of the JSMA method, a fast JSMA adversarial example generation method with low perturbation redundancy, called S-JSMA, is proposed. S-JSMA replaces the iterative operation with a single-step operation to simplify the JSMA algorithm's workflow, and it adopts a simple perturbation rule in place of the saliency-map-based perturbation used in JSMA. Consequently, S-JSMA greatly reduces the time overhead and perturbation redundancy of generating adversarial examples. Experimental results on the MNIST dataset show that, compared with the JSMA and FGSM methods, S-JSMA achieves a fairly good attack effect in a significantly shorter time.

deep learning; neural network; image classification; adversarial example

Liu Qiang, Li Muchun, Wu Xiaojie, Wang Yuheng

College of Computer Science, National University of Defense Technology, Changsha 410073, Hunan, China

Natural Science Foundation of Hunan Province (2021JJ30779)

2024

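Computer Engineering & Science
College of Computer Science, National University of Defense Technology

CSTPCD; Peking University Core Journal
Impact factor: 0.787
ISSN: 1007-130X
Year, volume (issue): 2024, 46(8)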