Model scheduling and sample selection for ensemble adversarial example attacks
作者:
Highlights:
• To our knowledge, we are the first to study model scheduling for multi-stage adversarial example ensemble attacks. We propose an effective model scheduling strategy by simultaneously considering two criteria: decision boundary similarity and model diversity.
• To further reduce overheads and improve transferability, we propose a novel sample selection strategy for multi-stage ensemble attacks, which can pick out those legitimate examples for adversarial example generation.
• Extensive experiments demonstrate that our model scheduling based ensemble attack performs better than the state-of-the-art attacks SCES, SMBEA and EnsembleFool, and the proposed sample selection strategy can improve attack success rate by about 138%.
摘要
•To our knowledge, we are the first to study model scheduling for multi-stage adversarial example ensemble attacks. We propose an effective model scheduling strategy by simultaneously considering two criteria: decision boundary similarity and model diversity.•To further reduce overheads and improve transferability, we propose a novel sample selection strategy for multi-stage ensemble attacks, which can pick out those legitimate examples for adversarial example generation.•Extensive experiments demonstrate that our model scheduling based ensemble attack performs better than the state-of-the-art attacks SCES, SMBEA and EnsembleFool, and the proposed sample selection strategy can improve attack success rate by about 138%.
论文关键词:Adversarial example,Black-box attack,Model scheduling,Sample selection
论文评审过程:Received 3 July 2021, Revised 1 May 2022, Accepted 2 June 2022, Available online 3 June 2022, Version of Record 13 June 2022.
论文官网地址:https://doi.org/10.1016/j.patcog.2022.108824