
Design And Implementation Of Image Recognition Adversarial System Based On Black-Box Attack Technology

Posted on: 2022-09-22
Degree: Master
Type: Thesis
Country: China
Candidate: J Shi
GTID: 2518306572969499
Subject: Computer technology

Abstract/Summary:
With the development of artificial intelligence technology, AI-based systems and applications continue to increase, and various products and services are gradually being applied in industry. The rise of artificial intelligence technology is mainly based on the breakthroughs made by deep learning models in machine learning tasks. Recent studies show, however, that deep neural networks are vulnerable to adversarial attacks, and research on adversarial attacks has become a hotspot in the field of artificial intelligence security. This research has positive significance for evaluating the integrity and security of deployed machine learning algorithms, evaluating the robustness of models, and promoting the development of defense algorithms.

In the field of adversarial attacks, the decision-based black-box attack is one of the most challenging problems. The attacker can only issue a limited number of queries to the model and observe the corresponding hard-label decisions, without obtaining any other model information. Decision-based black-box attacks usually suffer from a high number of queries and a low attack success rate. From the perspective of evaluating defense mechanisms, a smaller query budget means a lower cost of evaluation and research, and higher query efficiency and success rate can help save the cost of evaluating the robustness of a common platform. Therefore, this paper studies how to further improve the performance of decision-based black-box attacks. Specifically, it includes the following contents.

Firstly, after a brief introduction to the concept of adversarial samples and their causes, the main ideas of the decision-based black-box attack method are analyzed, and the characteristics and application scenarios of the latest decision-based black-box attack methods are reviewed. Through analysis and summary, the idea and technical route for optimizing black-box attacks are put forward.

Secondly, for the optimization-based attack method, the total number of model queries is still very high and the attack takes a long time. In addition, this attack does not work well, especially on high-dimensional datasets. This paper proposes an improved strategy, a stochastic coordinate selection method, and conducts comparative experiments on the CIFAR-10 and ImageNet datasets. The improved method performs better on high-dimensional datasets, converges to a smaller perturbation, and shortens the attack time.

Thirdly, the evolutionary attack converges to a large perturbation and has a lower attack success rate. This paper proposes an improved strategy: low-frequency perturbation based on the discrete cosine transform. Experimental verification is carried out on the CIFAR-10 dataset. Under the same query limit, the improved method converges faster. The improved method can also find lower perturbations and increase the attack success rate; it is especially effective when the query limit is several hundred.

Finally, based on the above research, this paper designs and implements an adversarial attack system for image recognition. A large number of qualitative and quantitative experiments are carried out to verify the effectiveness of the method. The experimental results show that the improved attack method can improve query efficiency and attack success rate while obtaining lower perturbations; that is, it can generate better adversarial samples. The improved method improves the performance of the decision-based black-box attack.
Keywords/Search Tags:black-box adversarial attack, deep learning models, adversarial examples, gradient-free optimization, discrete cosine transform