TY - GEN
T1 - An ADMM-based universal framework for adversarial attacks on deep neural networks
AU - Zhao, Pu
AU - Wang, Yanzhi
AU - Liu, Sijia
AU - Lin, Xue
N1 - Publisher Copyright:
© 2018 Association for Computing Machinery.
PY - 2018/10/15
Y1 - 2018/10/15
N2 - Deep neural networks (DNNs) are known to be vulnerable to adversarial attacks. That is, adversarial examples, obtained by adding delicately crafted distortions to original legal inputs, can mislead a DNN into classifying them as any target label. In a successful adversarial attack, the targeted misclassification should be achieved with the minimal added distortion. In the literature, the added distortions are usually measured by the L0, L1, L2, and L∞ norms, giving L0, L1, L2, and L∞ attacks, respectively. However, there is no versatile framework covering all types of adversarial attacks. This work for the first time unifies the methods of generating adversarial examples by leveraging ADMM (Alternating Direction Method of Multipliers), an operator splitting optimization approach, such that L0, L1, L2, and L∞ attacks can be effectively implemented within this general framework with few modifications. Compared with the state-of-the-art attacks in each category, our ADMM-based attacks are so far the strongest, achieving both a 100% attack success rate and the minimal distortion.
AB - Deep neural networks (DNNs) are known to be vulnerable to adversarial attacks. That is, adversarial examples, obtained by adding delicately crafted distortions to original legal inputs, can mislead a DNN into classifying them as any target label. In a successful adversarial attack, the targeted misclassification should be achieved with the minimal added distortion. In the literature, the added distortions are usually measured by the L0, L1, L2, and L∞ norms, giving L0, L1, L2, and L∞ attacks, respectively. However, there is no versatile framework covering all types of adversarial attacks. This work for the first time unifies the methods of generating adversarial examples by leveraging ADMM (Alternating Direction Method of Multipliers), an operator splitting optimization approach, such that L0, L1, L2, and L∞ attacks can be effectively implemented within this general framework with few modifications. Compared with the state-of-the-art attacks in each category, our ADMM-based attacks are so far the strongest, achieving both a 100% attack success rate and the minimal distortion.
KW - ADMM (Alternating Direction Method of Multipliers)
KW - Adversarial attacks
KW - Deep neural networks
UR - http://www.scopus.com/inward/record.url?scp=85058214859&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85058214859&partnerID=8YFLogxK
U2 - 10.1145/3240508.3240639
DO - 10.1145/3240508.3240639
M3 - Conference contribution
AN - SCOPUS:85058214859
T3 - MM 2018 - Proceedings of the 2018 ACM Multimedia Conference
SP - 1065
EP - 1073
BT - MM 2018 - Proceedings of the 2018 ACM Multimedia Conference
PB - Association for Computing Machinery, Inc
T2 - 26th ACM Multimedia conference, MM 2018
Y2 - 22 October 2018 through 26 October 2018
ER -