
Hybrid Gradient Model Based Black-Box Adversarial Attack

Posted on: 2022-07-06
Degree: Master
Type: Thesis
Country: China
Candidate: Z Q Dong
GTID: 2518306602994829
Subject: Software engineering
Abstract/Summary:
As an important part of artificial intelligence, deep learning has become a research hot-spot and the mainstream direction in the field of machine learning because of its simplicity, efficiency and ability to solve a variety of complex problems. However, deep learning systems face challenges even as they carry wide public expectations. For example, the adversarial example problem of neural networks can cause serious malicious damage to neural network systems based on deep learning, and will have a devastating impact on larger-scale and wider-ranging artificial intelligence systems. Therefore, this thesis focuses on the study of neural network systems and the adversarial example problem. From the perspective of adversarial examples and neural networks, this thesis expounds the generation of adversarial examples and the reasons for their low transferability to black-box models, i.e., the generation and transfer of adversarial examples caused by the decision boundary problems between different models. It introduces the relevant algorithms and concepts of attack and defense for adversarial examples, such as gradient and non-gradient attack algorithms and various defense strategies. In this thesis, a new hybrid adversarial attack algorithm is designed, which includes adversarial knowledge distillation, attack target fusion and auto-encoder preprocessing. This thesis analyzes the functions, goals and principles of the three modules. Finally, through the integration of the three technologies, it is found that the adversarial examples generated by the non-gradient based hybrid adversarial attack algorithm can effectively improve the attack success rate on traditional black-box neural network models. In the experiments, the proposed algorithm is compared with traditional industry algorithms, and it is found that the attack algorithm proposed in this thesis can achieve as high as 50% on the black-box model, enhancing the effectiveness of adversarial example transfer. At the same time, this thesis also gives conjectures and explanations for the phenomena and problems observed during the experiments.
Keywords/Search Tags: Black-box adversarial attack, adversarial example, adversarial distillation, target ensemble, auto-encoder, hybrid-gradient attack