Design And Implementation Of Adversarial Example Generation System Based On Evolutionary Computation

Posted on: 2022-02-01 | Degree: Master | Type: Thesis
Country: China | Candidate: Y T Fang
GTID: 2518306485477244 | Subject: Software engineering
Abstract/Summary:
Because of their outstanding performance, neural networks are increasingly applied in many fields, including security-sensitive ones such as autonomous driving, identity verification (face recognition), and malicious code detection. In recent years, however, researchers have found that neural networks are very easy to fool. For example, an imperceptible perturbation can cause an image classifier to make an error. If this kind of security problem is exploited by malicious attackers, it can cause very serious security incidents. Studying strong adversarial example attacks is therefore an essential part of advancing neural network security.

To design a more powerful adversarial example attack, this thesis divides the generation of adversarial examples into a preprocessing stage and a generation stage. In the preprocessing stage, to address the unstable attack results caused by the differing attack difficulty of attack pairs (each consisting of an original example and a target example), and taking image recognition as the example domain, an attack distance measurement method based on decision boundary length is designed, which provides a measure of the attack difficulty of an attack pair. On this basis, an attack-pair filtering method based on attack distance is designed to filter out attack pairs that are difficult to attack before the attack starts, improving the attack effect without modifying the attack algorithm.

In the generation stage, to address the problem that the attack pair limits the direction in which adversarial examples can be generated, an adaptive orthogonal perturbation method based on the decision boundary is designed. It jumps out of concave points (locally optimal solutions) of the decision boundary by exploiting the fact that orthogonal perturbation has little influence on the final perturbation. At the same time, to address the slow generation of adversarial examples, the (1+1) CMA-ES algorithm is improved to (1+1) VMA-ES. An adversarial example generation method based on (1+1) VMA-ES is then designed, which greatly improves the query efficiency of the generation process.

Experiments show that, compared with the unfiltered attack pairs, the overall effect of the filtered attack pairs is improved by 42.07%, the attack efficiency is improved by 24.99%, and the variance is stabilized by 76.23%. At the same time, under the same number of queries, the average perturbation size of the adversarial examples generated by our system is reduced by 36%, which makes the adversarial examples more hidden. The results show that selecting attack pairs can greatly improve the overall attack effect, and that adaptive orthogonal step size adjustment helps to jump out of the decision boundary and reduce the perturbation size of the adversarial examples.
Keywords/Search Tags:Adversarial examples, Evolutionary computing, Black box attacks