Generation of low distortion adversarial attacks via convex programming

Tianyun Zhang; Sijia Liu; Yanzhi Wang; Makan Fardad

doi:10.1109/ICDM.2019.00195

Generation of low distortion adversarial attacks via convex programming

Tianyun Zhang, Sijia Liu, Yanzhi Wang, Makan Fardad

Department of Electrical Engineering & Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

As deep neural networks (DNNs) achieve extraordinary performance in a wide range of tasks, testing their robustness under adversarial attacks becomes paramount. Adversarial attacks, also known as adversarial examples, are used to measure the robustness of DNNs and are generated by incorporating imperceptible perturbations into the input data with the intention of altering a DNN's classification. In prior work in this area, most of the proposed optimization based methods employ gradient descent to find adversarial examples. In this paper, we present an innovative method which generates adversarial examples via convex programming. Our experiment results demonstrate that we can generate adversarial examples with lower distortion and higher transferability than the C&W attack, which is the current state-of-the-art adversarial attack method for DNNs. We achieve 100% attack success rate on both the original undefended models and the adversarially-trained models. Our distortions of the L-inf attack are respectively 31% and 18% lower than the C&W attack for the best case and average case on the CIFAR-10 data set.

Original language	English (US)
Title of host publication	Proceedings - 19th IEEE International Conference on Data Mining, ICDM 2019
Editors	Jianyong Wang, Kyuseok Shim, Xindong Wu
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	1486-1491
Number of pages	6
ISBN (Electronic)	9781728146034
DOIs	https://doi.org/10.1109/ICDM.2019.00195
State	Published - Nov 2019
Event	19th IEEE International Conference on Data Mining, ICDM 2019 - Beijing, China Duration: Nov 8 2019 → Nov 11 2019

Publication series

Name	Proceedings - IEEE International Conference on Data Mining, ICDM
Volume	2019-November
ISSN (Print)	1550-4786

Conference

Conference	19th IEEE International Conference on Data Mining, ICDM 2019
Country	China
City	Beijing
Period	11/8/19 → 11/11/19

Keywords

Adversarial attack
Convex programming
Deep neural networks

ASJC Scopus subject areas

Engineering(all)

Access to Document

10.1109/ICDM.2019.00195

Fingerprint Dive into the research topics of 'Generation of low distortion adversarial attacks via convex programming'. Together they form a unique fingerprint.

Cite this

Zhang, T., Liu, S., Wang, Y., & Fardad, M. (2019). Generation of low distortion adversarial attacks via convex programming. In J. Wang, K. Shim, & X. Wu (Eds.), Proceedings - 19th IEEE International Conference on Data Mining, ICDM 2019 (pp. 1486-1491). [8970743] (Proceedings - IEEE International Conference on Data Mining, ICDM; Vol. 2019-November). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICDM.2019.00195

Generation of low distortion adversarial attacks via convex programming. / Zhang, Tianyun; Liu, Sijia; Wang, Yanzhi; Fardad, Makan.

Proceedings - 19th IEEE International Conference on Data Mining, ICDM 2019. ed. / Jianyong Wang; Kyuseok Shim; Xindong Wu. Institute of Electrical and Electronics Engineers Inc., 2019. p. 1486-1491 8970743 (Proceedings - IEEE International Conference on Data Mining, ICDM; Vol. 2019-November).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Zhang, T, Liu, S, Wang, Y & Fardad, M 2019, Generation of low distortion adversarial attacks via convex programming. in J Wang, K Shim & X Wu (eds), Proceedings - 19th IEEE International Conference on Data Mining, ICDM 2019., 8970743, Proceedings - IEEE International Conference on Data Mining, ICDM, vol. 2019-November, Institute of Electrical and Electronics Engineers Inc., pp. 1486-1491, 19th IEEE International Conference on Data Mining, ICDM 2019, Beijing, China, 11/8/19. https://doi.org/10.1109/ICDM.2019.00195

Zhang T, Liu S, Wang Y, Fardad M. Generation of low distortion adversarial attacks via convex programming. In Wang J, Shim K, Wu X, editors, Proceedings - 19th IEEE International Conference on Data Mining, ICDM 2019. Institute of Electrical and Electronics Engineers Inc. 2019. p. 1486-1491. 8970743. (Proceedings - IEEE International Conference on Data Mining, ICDM). https://doi.org/10.1109/ICDM.2019.00195

Zhang, Tianyun ; Liu, Sijia ; Wang, Yanzhi ; Fardad, Makan. / Generation of low distortion adversarial attacks via convex programming. Proceedings - 19th IEEE International Conference on Data Mining, ICDM 2019. editor / Jianyong Wang ; Kyuseok Shim ; Xindong Wu. Institute of Electrical and Electronics Engineers Inc., 2019. pp. 1486-1491 (Proceedings - IEEE International Conference on Data Mining, ICDM).

@inproceedings{45e8b846b9f346e382b1d1109f44a7dd,

title = "Generation of low distortion adversarial attacks via convex programming",

abstract = "As deep neural networks (DNNs) achieve extraordinary performance in a wide range of tasks, testing their robustness under adversarial attacks becomes paramount. Adversarial attacks, also known as adversarial examples, are used to measure the robustness of DNNs and are generated by incorporating imperceptible perturbations into the input data with the intention of altering a DNN's classification. In prior work in this area, most of the proposed optimization based methods employ gradient descent to find adversarial examples. In this paper, we present an innovative method which generates adversarial examples via convex programming. Our experiment results demonstrate that we can generate adversarial examples with lower distortion and higher transferability than the C&W attack, which is the current state-of-the-art adversarial attack method for DNNs. We achieve 100% attack success rate on both the original undefended models and the adversarially-trained models. Our distortions of the L-inf attack are respectively 31% and 18% lower than the C&W attack for the best case and average case on the CIFAR-10 data set.",

keywords = "Adversarial attack, Convex programming, Deep neural networks",

author = "Tianyun Zhang and Sijia Liu and Yanzhi Wang and Makan Fardad",

year = "2019",

month = nov,

doi = "10.1109/ICDM.2019.00195",

language = "English (US)",

series = "Proceedings - IEEE International Conference on Data Mining, ICDM",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "1486--1491",

editor = "Jianyong Wang and Kyuseok Shim and Xindong Wu",

booktitle = "Proceedings - 19th IEEE International Conference on Data Mining, ICDM 2019",

note = "19th IEEE International Conference on Data Mining, ICDM 2019 ; Conference date: 08-11-2019 Through 11-11-2019",

}

TY - GEN

T1 - Generation of low distortion adversarial attacks via convex programming

AU - Zhang, Tianyun

AU - Liu, Sijia

AU - Wang, Yanzhi

AU - Fardad, Makan

PY - 2019/11

Y1 - 2019/11

N2 - As deep neural networks (DNNs) achieve extraordinary performance in a wide range of tasks, testing their robustness under adversarial attacks becomes paramount. Adversarial attacks, also known as adversarial examples, are used to measure the robustness of DNNs and are generated by incorporating imperceptible perturbations into the input data with the intention of altering a DNN's classification. In prior work in this area, most of the proposed optimization based methods employ gradient descent to find adversarial examples. In this paper, we present an innovative method which generates adversarial examples via convex programming. Our experiment results demonstrate that we can generate adversarial examples with lower distortion and higher transferability than the C&W attack, which is the current state-of-the-art adversarial attack method for DNNs. We achieve 100% attack success rate on both the original undefended models and the adversarially-trained models. Our distortions of the L-inf attack are respectively 31% and 18% lower than the C&W attack for the best case and average case on the CIFAR-10 data set.

AB - As deep neural networks (DNNs) achieve extraordinary performance in a wide range of tasks, testing their robustness under adversarial attacks becomes paramount. Adversarial attacks, also known as adversarial examples, are used to measure the robustness of DNNs and are generated by incorporating imperceptible perturbations into the input data with the intention of altering a DNN's classification. In prior work in this area, most of the proposed optimization based methods employ gradient descent to find adversarial examples. In this paper, we present an innovative method which generates adversarial examples via convex programming. Our experiment results demonstrate that we can generate adversarial examples with lower distortion and higher transferability than the C&W attack, which is the current state-of-the-art adversarial attack method for DNNs. We achieve 100% attack success rate on both the original undefended models and the adversarially-trained models. Our distortions of the L-inf attack are respectively 31% and 18% lower than the C&W attack for the best case and average case on the CIFAR-10 data set.

KW - Adversarial attack

KW - Convex programming

KW - Deep neural networks

UR - http://www.scopus.com/inward/record.url?scp=85078885045&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85078885045&partnerID=8YFLogxK

U2 - 10.1109/ICDM.2019.00195

DO - 10.1109/ICDM.2019.00195

M3 - Conference contribution

AN - SCOPUS:85078885045

T3 - Proceedings - IEEE International Conference on Data Mining, ICDM

SP - 1486

EP - 1491

BT - Proceedings - 19th IEEE International Conference on Data Mining, ICDM 2019

A2 - Wang, Jianyong

A2 - Shim, Kyuseok

A2 - Wu, Xindong

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 19th IEEE International Conference on Data Mining, ICDM 2019

Y2 - 8 November 2019 through 11 November 2019

ER -