ADMM attack: An enhanced adversarial attack for deep neural networks with undetectable distortions

Pu Zhao, Kaidi Xu, Sijia Liu, Yanzhi Wang, Xue Lin

Research output: Chapter in Book/Entry/Poem › Conference contribution

12 Scopus citations

Abstract

Many recent studies demonstrate that state-of-the-art deep neural networks (DNNs) might be easily fooled by adversarial examples, generated by adding carefully crafted and visually imperceptible distortions onto original legal inputs through adversarial attacks. Adversarial examples can lead the DNN to misclassify them as any target labels. In the literature, various methods are proposed to minimize the different ℓp norms of the distortion. However, there is a lack of a versatile framework for all types of adversarial attacks. To achieve a better understanding of the security properties of DNNs, we propose a general framework for constructing adversarial examples by leveraging Alternating Direction Method of Multipliers (ADMM) to split the optimization approach for effective minimization of various ℓp norms of the distortion, including ℓ0, ℓ1, ℓ2, and ℓ∞ norms. Thus, the proposed general framework unifies the methods of crafting ℓ0, ℓ1, ℓ2, and ℓ∞ attacks. The experimental results demonstrate that the proposed ADMM attacks achieve both a high attack success rate and minimal distortion for the misclassification compared with state-of-the-art attack methods.

Original language: English (US)
Title of host publication: ASP-DAC 2019 - 24th Asia and South Pacific Design Automation Conference
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 538-543
Number of pages: 6
ISBN (Electronic): 9781450360074
State: Published - Jan 21 2019
Event: 24th Asia and South Pacific Design Automation Conference, ASPDAC 2019 - Tokyo, Japan
Duration: Jan 21 2019 to Jan 24 2019

Publication series

Name: Proceedings of the Asia and South Pacific Design Automation Conference, ASP-DAC

Conference

Conference: 24th Asia and South Pacific Design Automation Conference, ASPDAC 2019
Country/Territory: Japan
City: Tokyo
Period: 1/21/19 to 1/24/19

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Computer Science Applications
  • Computer Graphics and Computer-Aided Design
