APDL: an adaptive step size method for white-box adversarial attacks
Abstract Recent research has shown that deep learning models are vulnerable to adversarial attacks, including gradient attacks, which can lead to incorrect outputs. The existing gradient attack methods typically rely on repetitive multistep strategies to improve their attack success rates, resulting...
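Main Authors: | Jiale Hu, Xiang Li, Changzheng Liu, Ronghua Zhang, Junwei Tang, Yi Sun, Yuedong Wang |
---|---|
Format: | Article |
Language: | English |
Published: | Springer 2025-01-01 |
Series: | Complex & Intelligent Systems |
Subjects: | Adversarial attacks; Deep learning; Image classification; White-box attacks |
Online Access: | https://doi.org/10.1007/s40747-024-01748-x |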
_version_ | 1832571164345499648 |
---|---|
author | Jiale Hu, Xiang Li, Changzheng Liu, Ronghua Zhang, Junwei Tang, Yi Sun, Yuedong Wang |
collection | DOAJ |
description | Abstract Recent research has shown that deep learning models are vulnerable to adversarial attacks, including gradient attacks, which can lead to incorrect outputs. The existing gradient attack methods typically rely on repetitive multistep strategies to improve their attack success rates, resulting in longer training times and severe overfitting. To address these issues, we propose an adaptive perturbation-based gradient attack method with dual-loss optimization (APDL). This method adaptively adjusts the single-step perturbation magnitude based on an exponential distance function, thereby accelerating the convergence process. APDL achieves convergence in fewer than 10 iterations, outperforming the traditional nonadaptive methods and achieving a high attack success rate with fewer iterations. Furthermore, to increase the transferability of gradient attacks such as APDL across different models and reduce the effects of overfitting on the training model, we introduce a triple-differential logit fusion (TDLF) method grounded in knowledge distillation principles. This approach mitigates the edge effects associated with gradient attacks by adjusting the hardness and softness of labels. Experiments conducted on ImageNet-compatible datasets demonstrate that APDL is significantly faster than the commonly used nonadaptive methods, whereas the TDLF method exhibits strong transferability. |
format | Article |
id | doaj-art-4f95d25a48cb41c6a431722580ca2d40 |
institution | Kabale University |
issn | 2199-4536 2198-6053 |
language | English |
publishDate | 2025-01-01 |
publisher | Springer |
record_format | Article |
series | Complex & Intelligent Systems |
spelling | doaj-art-4f95d25a48cb41c6a431722580ca2d40 2025-02-02T12:48:47Z eng Springer Complex & Intelligent Systems 2199-4536 2198-6053 2025-01-01 111112 10.1007/s40747-024-01748-x APDL: an adaptive step size method for white-box adversarial attacks. Authors: Jiale Hu (0), Xiang Li (1), Changzheng Liu (2), Ronghua Zhang (3), Junwei Tang (4), Yi Sun (5), Yuedong Wang (6). Affiliations: (0) College of Information Science and Technology, Shihezi University; (1) College of Information Science and Technology, Shihezi University; (2) College of Information Science and Technology, Shihezi University; (3) College of Information Science and Technology, Shihezi University; (4) School of Computer Science and Artificial Intelligence, Wuhan Textile University; (5) College of Information Science and Technology, Shihezi University; (6) College of Information Science and Technology, Shihezi University. https://doi.org/10.1007/s40747-024-01748-x Keywords: Adversarial attacks; Deep learning; Image classification; White-box attacks |
title | APDL: an adaptive step size method for white-box adversarial attacks |
topic | Adversarial attacks; Deep learning; Image classification; White-box attacks |
url | https://doi.org/10.1007/s40747-024-01748-x |