TY - GEN
T1 - Generation of low distortion adversarial attacks via convex programming
AU - Zhang, Tianyun
AU - Liu, Sijia
AU - Wang, Yanzhi
AU - Fardad, Makan
N1 - Publisher Copyright: © 2019 IEEE.
PY - 2019/11
Y1 - 2019/11
N2 - As deep neural networks (DNNs) achieve extraordinary performance in a wide range of tasks, testing their robustness under adversarial attacks becomes paramount. Adversarial attacks, also known as adversarial examples, are used to measure the robustness of DNNs and are generated by incorporating imperceptible perturbations into the input data with the intention of altering a DNN's classification. In prior work in this area, most of the proposed optimization based methods employ gradient descent to find adversarial examples. In this paper, we present an innovative method which generates adversarial examples via convex programming. Our experiment results demonstrate that we can generate adversarial examples with lower distortion and higher transferability than the C&W attack, which is the current state-of-the-art adversarial attack method for DNNs. We achieve 100% attack success rate on both the original undefended models and the adversarially-trained models. Our distortions of the L-inf attack are respectively 31% and 18% lower than the C&W attack for the best case and average case on the CIFAR-10 data set.
KW - Adversarial attack
KW - Convex programming
KW - Deep neural networks
UR - http://www.scopus.com/inward/record.url?scp=85078885045&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85078885045&partnerID=8YFLogxK
U2 - 10.1109/ICDM.2019.00195
DO - 10.1109/ICDM.2019.00195
M3 - Conference contribution
AN - SCOPUS:85078885045
T3 - Proceedings - IEEE International Conference on Data Mining, ICDM
SP - 1486
EP - 1491
BT - Proceedings - 19th IEEE International Conference on Data Mining, ICDM 2019
A2 - Wang, Jianyong
A2 - Shim, Kyuseok
A2 - Wu, Xindong
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 19th IEEE International Conference on Data Mining, ICDM 2019
Y2 - 8 November 2019 through 11 November 2019
ER -