
The Generation Of Universality And Exclusivity Of Adversarial Examples

Posted on: 2021-09-06
Degree: Master
Type: Thesis
Country: China
Candidate: R Z Wang
Full Text: PDF
GTID: 2518306050968379
Subject: Master of Engineering

Abstract/Summary:
Recently, as artificial intelligence represented by neural networks has attracted growing attention from researchers and the public, new research results and practical applications have been increasing. However, the security of artificial intelligence itself has gradually become an urgent problem, and research on adversarial examples is one of its representative directions. Because the theory and technology are still immature, adversarial example attacks remain inadequate in the real world. This thesis analyzes existing adversarial example attack methods and the requirements of actual attack scenarios, and proposes two attack methods that can help the practical application of adversarial examples.

The first work analyzes the mechanism by which ensemble attacks obtain universality, and proposes that ensemble attacks can also be used to obtain exclusivity of adversarial examples. This exclusive attack is then extended to a shadow-network attack. Next, a query-based model stealing method is introduced, and the stolen network is used as a shadow network, turning a black box into a semi-black box on which an exclusive attack is conducted. This completes a semi-black-box method for generating exclusive adversarial examples.

The second work first analyzes the existing conclusion that the noise in adversarial examples contains information. Based on this, the thesis innovatively proposes that the noise of an adversarial example can be used to predict whether the adversarial example has universality. A classification network that predicts the universality of adversarial examples from their noise is trained, and a series of experiments is conducted to discover the properties of this classifier. The adversarial example generation algorithm is then used to move examples in a specified direction, so that the adversarial examples are moved according to the trained universality classifier and gain higher universality. This completes a black-box method for obtaining universal adversarial examples based on noise classification.

Our experiments show that, in the first work, the adversarial examples obtained are highly exclusive: the attack success rate on the network we do not want to attack drops from 60% ~ 70% to under 2%, while the attack success rate on the main attacked network remains basically unchanged. In the second work, the innovative classifier we propose, which predicts from the noise whether an adversarial sample has universality, reaches a success rate above 90%. Guided by this classifier, our universality acquisition operation increases the attack success rate of adversarial examples on the black-box network to 90% ~ 97%, compared with at most 70% before, a significant improvement in universality. The two proposed methods can therefore be considered effective, and they help expand the application scenarios of adversarial examples.
Keywords/Search Tags:adversarial examples, universality, exclusivity, ensemble attack, noise classification