您的位置: 首页  >  文章  >  【迁移攻击笔记】模型决策空间の几何规律!集成攻击の提出!DELVING INTO TRANSFERABLE ADVERSARIAL EXAMPLES AND BLACK-BOX ATTACKS

【迁移攻击笔记】模型决策空间の几何规律!集成攻击の提出!DELVING INTO TRANSFERABLE ADVERSARIAL EXAMPLES AND BLACK-BOX ATTACKS

分类: 文章 2025-01-01 21:59:22

核心思路:

  1. 单个模型攻击单个模型:
    提出失真率RMSD:【迁移攻击笔记】模型决策空间の几何规律!集成攻击の提出!DELVING INTO TRANSFERABLE ADVERSARIAL EXAMPLES AND BLACK-BOX ATTACKS
    ①基于优化的(Adam)方法【迁移攻击笔记】模型决策空间の几何规律!集成攻击の提出!DELVING INTO TRANSFERABLE ADVERSARIAL EXAMPLES AND BLACK-BOX ATTACKS
    ②基于梯度的方法(FG,FGS等)【迁移攻击笔记】模型决策空间の几何规律!集成攻击の提出!DELVING INTO TRANSFERABLE ADVERSARIAL EXAMPLES AND BLACK-BOX ATTACKS【迁移攻击笔记】模型决策空间の几何规律!集成攻击の提出!DELVING INTO TRANSFERABLE ADVERSARIAL EXAMPLES AND BLACK-BOX ATTACKS
    用上面俩种方法产生对抗扰动来迁移攻击,结果为:
    非目标:
    【迁移攻击笔记】模型决策空间の几何规律!集成攻击の提出!DELVING INTO TRANSFERABLE ADVERSARIAL EXAMPLES AND BLACK-BOX ATTACKS
    目标:相当差,几乎没用。增大扰动也不行。

    此外,作者还特地验证一下对抗样本最小可转移RMSD,得出结论FG比FGSM更适合转移:
    【迁移攻击笔记】模型决策空间の几何规律!集成攻击の提出!DELVING INTO TRANSFERABLE ADVERSARIAL EXAMPLES AND BLACK-BOX ATTACKS
    2.重点来了:集成攻击:(用4个白盒模型生成攻击对象攻击一个黑盒模型):
    【迁移攻击笔记】模型决策空间の几何规律!集成攻击の提出!DELVING INTO TRANSFERABLE ADVERSARIAL EXAMPLES AND BLACK-BOX ATTACKS
    ①基于优化:很好
    【迁移攻击笔记】模型决策空间の几何规律!集成攻击の提出!DELVING INTO TRANSFERABLE ADVERSARIAL EXAMPLES AND BLACK-BOX ATTACKS
    ②基于梯度:不行(因为不同的模型梯度方向可能几乎是正交的)

3.模型边界的几何特性:
① 模型的梯度可能正交
②模型(非目标)的决策边界相似,且即使朝梯度增加方向也会出边界而且比随机快。(畸变非线性) 【迁移攻击笔记】模型决策空间の几何规律!集成攻击の提出!DELVING INTO TRANSFERABLE ADVERSARIAL EXAMPLES AND BLACK-BOX ATTACKS③一个平面中攻击种类最多就21个,跟总种类1000比起来太少,所以梯度攻击可能不适合大数据集迁移
④非目标整体几乎一致,目标攻击中心几乎一致。【迁移攻击笔记】模型决策空间の几何规律!集成攻击の提出!DELVING INTO TRANSFERABLE ADVERSARIAL EXAMPLES AND BLACK-BOX ATTACKS

希望路过这儿的你可以关注我一下~~我会定期更新一系列阅读笔记和总结,加入自己的见解和思路,希望能对你有用~

相关推荐