Dual-Mode Method for Generating Adversarial Examples to Attack Deep Neural Networks
Deep neural networks yield desirable performance in text, image, and speech classification. However, these networks are vulnerable to adversarial examples. An adversarial example is a sample generated by inserting a small amount of noise into an original sample (with minimal distortion) such that it...
| Main Authors: | Hyun Kwon, Sunghwan Kim |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | IEEE, 2025-01-01 |
| Series: | IEEE Access |
| Subjects: | Evasion attack; deep neural network; image classification; convolutional neural network |
| Online Access: | https://ieeexplore.ieee.org/document/10046665/ |
| _version_ | 1849420307952041984 |
|---|---|
| author | Hyun Kwon; Sunghwan Kim |
| author_facet | Hyun Kwon; Sunghwan Kim |
| author_sort | Hyun Kwon |
| collection | DOAJ |
| description | Deep neural networks yield desirable performance in text, image, and speech classification. However, these networks are vulnerable to adversarial examples. An adversarial example is a sample generated by inserting a small amount of noise into an original sample (with minimal distortion) such that it is recognized incorrectly by the targeted model. A typical method of attack using adversarial examples must satisfy two conditions: the distortion of the original sample must be kept to a minimum and misrecognition must be induced in the targeted deep neural network. Therefore, considerable time and numerous iterations are required to generate an adversarial example because both the conditions must be satisfied during the generation process. However, there are cases in which it may be desirable to generate an adversarial example that acts quickly to induce misrecognition in the deep neural network without considering the amount of distortion applied to the original sample. In this paper, we propose a dual-mode method for creating adversarial examples that allows the user to prioritize the malfunctioning of deep neural networks according to the situation. The proposed method generates an adversarial example using one of two modes: mode 1, which takes the level of distortion into account, and mode 0, which does not consider distortion and can generate examples rapidly. To evaluate the method experimentally, MNIST and CIFAR10 were used as the datasets. The results show that the proposed method can generate a targeted or untargeted adversarial example for MNIST with 50% fewer iterations using mode 0 than using mode 1. For CIFAR10, the reduction in the number of iterations that can be achieved using mode 0 is 80% and 88% for targeted and untargeted adversarial examples, respectively, and the attack success rate is 100%. |
| format | Article |
| id | doaj-art-5aba28d7b96e4bf5a0b69edce083319f |
| institution | Kabale University |
| issn | 2169-3536 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj-art-5aba28d7b96e4bf5a0b69edce083319f; 2025-08-20T03:31:47Z; eng; IEEE; IEEE Access; 2169-3536; 2025-01-01; 13; 122972; 122981; 10.1109/ACCESS.2023.3245632; 10046665; Dual-Mode Method for Generating Adversarial Examples to Attack Deep Neural Networks; Hyun Kwon 0 https://orcid.org/0000-0003-1169-9892; Sunghwan Kim 1 https://orcid.org/0000-0002-0442-7795; Department of Artificial Intelligence and Data Science, Korea Military Academy, Seoul, South Korea; Department of Applied Statistics, Konkuk University, Seoul, South Korea; Deep neural networks yield desirable performance in text, image, and speech classification. However, these networks are vulnerable to adversarial examples. An adversarial example is a sample generated by inserting a small amount of noise into an original sample (with minimal distortion) such that it is recognized incorrectly by the targeted model. A typical method of attack using adversarial examples must satisfy two conditions: the distortion of the original sample must be kept to a minimum and misrecognition must be induced in the targeted deep neural network. Therefore, considerable time and numerous iterations are required to generate an adversarial example because both the conditions must be satisfied during the generation process. However, there are cases in which it may be desirable to generate an adversarial example that acts quickly to induce misrecognition in the deep neural network without considering the amount of distortion applied to the original sample. In this paper, we propose a dual-mode method for creating adversarial examples that allows the user to prioritize the malfunctioning of deep neural networks according to the situation. The proposed method generates an adversarial example using one of two modes: mode 1, which takes the level of distortion into account, and mode 0, which does not consider distortion and can generate examples rapidly. To evaluate the method experimentally, MNIST and CIFAR10 were used as the datasets. The results show that the proposed method can generate a targeted or untargeted adversarial example for MNIST with 50% fewer iterations using mode 0 than using mode 1. For CIFAR10, the reduction in the number of iterations that can be achieved using mode 0 is 80% and 88% for targeted and untargeted adversarial examples, respectively, and the attack success rate is 100%.; https://ieeexplore.ieee.org/document/10046665/; Evasion attack; deep neural network; image classification; convolutional neural network |
| spellingShingle | Hyun Kwon; Sunghwan Kim; Dual-Mode Method for Generating Adversarial Examples to Attack Deep Neural Networks; IEEE Access; Evasion attack; deep neural network; image classification; convolutional neural network |
| title | Dual-Mode Method for Generating Adversarial Examples to Attack Deep Neural Networks |
| title_full | Dual-Mode Method for Generating Adversarial Examples to Attack Deep Neural Networks |
| title_fullStr | Dual-Mode Method for Generating Adversarial Examples to Attack Deep Neural Networks |
| title_full_unstemmed | Dual-Mode Method for Generating Adversarial Examples to Attack Deep Neural Networks |
| title_short | Dual-Mode Method for Generating Adversarial Examples to Attack Deep Neural Networks |
| title_sort | dual mode method for generating adversarial examples to attack deep neural networks |
| topic | Evasion attack; deep neural network; image classification; convolutional neural network |
| url | https://ieeexplore.ieee.org/document/10046665/ |
| work_keys_str_mv | AT hyunkwon dualmodemethodforgeneratingadversarialexamplestoattackdeepneuralnetworks AT sunghwankim dualmodemethodforgeneratingadversarialexamplestoattackdeepneuralnetworks |