Journal
INFORMATION SCIENCES
Volume 601, Pages 357-373
Publisher
ELSEVIER SCIENCE INC
DOI: 10.1016/j.ins.2022.04.032
Keywords
Adversarial defense; Black-box attack; Online machine learning
Funding
- Defence Research and Development Canada [W7701-176483, RGPIN-2018-03872]
- Natural Sciences and Engineering Research Council of Canada [950-232791]
- Canada Research Chairs Program
Recent research shows that machine learning models are susceptible to attacks from slightly perturbed adversarial samples. These attacks can be carried out in white-box or black-box scenarios. Existing defense methods are static and cannot adapt to adversarial attacks. This paper introduces a novel dynamic defense method called DyAdvDefender, which effectively utilizes previous experience to defend against black-box attacks.
Recent research indicates that machine learning models are vulnerable to adversarial samples, which are slightly perturbed versions of natural samples. Adversarial samples can be crafted in white-box or black-box scenarios. In the black-box scenario, adversaries possess no knowledge of the detailed architecture and parameters of the model they attack, and they seek information by querying the model with multiple, slightly perturbed samples to achieve their attack purpose. The difficulty in recognizing adversarial samples arises from the fact that the perturbations are often imperceptible, yet effective in misleading machine learning models. Existing defense methods are static: they cannot dynamically evolve to adapt to adversarial attacks, which unnecessarily disadvantages them. In this paper we propose a novel dynamic defense method called DyAdvDefender, and we show that a dynamic defense method can effectively utilize previous experience to defend against black-box attacks. Extensive experimental results suggest that DyAdvDefender outperforms existing static methods in terms of defense effectiveness while keeping the original classification accuracy with only limited extra time consumption. Crown Copyright (c) 2022 Published by Elsevier Inc. All rights reserved.
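The abstract's black-box setting (an adversary that sees only the labels the model returns and probes it with many slightly perturbed queries) and its argument against static defenses can be made concrete with a small simulation. The following is an added illustrative example, not code from the paper and not an implementation of DyAdvDefender: it assumes a toy linear classifier as the target, a naive decision-only line-search attack, and a stateful query monitor that flags a client whose recent queries cluster within a small L2 radius. All names, constants and the sample inputs are constructed for the example.

```python
"""Toy black-box query attack vs. a stateful query monitor (illustrative example)."""
import math

# Constructed toy target model (assumption): a fixed linear classifier on
# 4-dimensional inputs. The attacker never sees WEIGHTS or BIAS; it only
# receives the label returned by predict().
WEIGHTS = [0.9, -0.6, 0.4, -0.2]
BIAS = 0.07


def predict(x):
    """Black-box oracle: returns the label only (0 or 1), no score or gradient."""
    score = sum(w * xi for w, xi in zip(WEIGHTS, x)) + BIAS
    return 1 if score > 0 else 0


def l2(a, b):
    """Euclidean distance between two equal-length vectors."""
    return math.sqrt(sum((p - q) ** 2 for p, q in zip(a, b)))


def line_search_attack(oracle, x, direction, step=0.02, max_queries=100):
    """Naive decision-only black-box attack (constructed for this example).

    Walks from x along `direction` in increments of `step`, querying the label
    each time, and stops at the first point whose label differs from that of x.
    Returns (adversarial_point, queries_used) or (None, queries_used).
    Consecutive queries differ by only step * ||direction||, which is the
    trail a stateful defender can observe and a stateless one cannot.
    """
    y0 = oracle(x)
    queries = 1
    for k in range(1, max_queries):
        cand = [xi + k * step * di for xi, di in zip(x, direction)]
        queries += 1
        if oracle(cand) != y0:
            return cand, queries
    return None, queries


class QueryMonitor:
    """Stateful wrapper around an oracle (illustrative, not DyAdvDefender).

    A static defense judges each query on its own. This monitor keeps a
    client's recent queries and flags the client when a new query lies within
    `eps` (L2) of at least `threshold` earlier queries in the window, which is
    the pattern a query-based black-box attack produces.
    """

    def __init__(self, oracle, eps=0.1, window=50, threshold=3):
        self.oracle = oracle
        self.eps = eps
        self.window = window
        self.threshold = threshold
        self.history = []
        self.queries = 0
        self.flagged_at = None  # 1-based index of the query that triggered the flag

    def query(self, x):
        self.queries += 1
        close = sum(1 for h in self.history if l2(h, x) <= self.eps)
        if self.flagged_at is None and close >= self.threshold:
            self.flagged_at = self.queries
        self.history.append(list(x))
        del self.history[:-self.window]  # keep only the last `window` queries
        return self.oracle(x)


def demo():
    """Runs the attack against the raw oracle and against the monitored one."""
    x = [0.2, 0.1, 0.0, 0.1]          # constructed clean input, label 1
    direction = [-1, 1, 0, 0]         # constructed perturbation direction
    adv, n_raw = line_search_attack(predict, x, direction)
    monitor = QueryMonitor(predict)
    _, n_mon = line_search_attack(monitor.query, x, direction)
    # Benign traffic: well-separated queries never trip the monitor.
    benign = QueryMonitor(predict)
    for p in ([1, 0, 0, 0], [0, 1, 0, 0], [0, 0, 1, 0], [0, 0, 0, 1], [0.5, 0.5, 0, 0]):
        benign.query(p)
    return {
        "clean_label": predict(x),
        "adv_label": predict(adv),
        "attack_queries": n_raw,
        "monitored_attack_queries": n_mon,
        "flagged_at_query": monitor.flagged_at,
        "benign_flagged": benign.flagged_at,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With these toy constants the attack flips the label on its 7th query, while the monitor flags the client on the 4th, because by then three earlier queries already sit within the radius. The monitor only records the flag; what a deployment does next (throttling, returning randomized labels, rejecting the client) is a policy choice outside this example. The parameters are deliberately generous: real query-based attacks add noise, interleave unrelated queries, or spread work across clients, so any per-client distance threshold like this one is a starting point for tuning, not a finished defense.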
Authors