D-BADGE: Decision-Based Adversarial Batch Attack With Directional Gradient Estimation
The susceptibility of deep neural networks (DNNs) to adversarial examples has prompted an increase in the deployment of adversarial attacks. Image-agnostic universal adversarial perturbations (UAPs) are much more threatening, but many limitations exist to implementing UAPs in real-world scenarios wh...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2024-01-01
|
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/10542123/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1849421753661521920 |
|---|---|
| author | Geunhyeok Yu Minwoo Jeon Hyoseok Hwang |
| author_facet | Geunhyeok Yu Minwoo Jeon Hyoseok Hwang |
| author_sort | Geunhyeok Yu |
| collection | DOAJ |
| description | The susceptibility of deep neural networks (DNNs) to adversarial examples has prompted an increase in the deployment of adversarial attacks. Image-agnostic universal adversarial perturbations (UAPs) are much more threatening, but many limitations exist to implementing UAPs in real-world scenarios where only binary decisions are returned. In this research, we propose D-BADGE, a novel method to craft universal adversarial perturbations for executing decision- To primarily optimize perturbation by focusing on decisions, we consider the direction of these updates as the primary factor and the magnitude of updates as the secondary factor. First, we employ Hamming loss that measures the distance from distributions of ground truth and accumulating decisions in batches to determine the magnitude of the gradient. This magnitude is applied in the direction of the revised simultaneous perturbation stochastic approximation (SPSA) to update the perturbation. This simple yet efficient decision-based method functions similarly to a score-based attack, enabling the generation of UAPs in real-world scenarios, and can be easily extended to targeted attacks. Experimental validation across multiple victim models demonstrates that the D-BADGE outperforms existing attack methods, even image-specific and score-based attacks. In particular, our proposed method shows a superior attack success rate with less training time. The research also shows that D-BADGE can successfully deceive unseen victim models and accurately target specific classes. |
| format | Article |
| id | doaj-art-6d44444686fe49619c299c24d64d7b46 |
| institution | Kabale University |
| issn | 2169-3536 |
| language | English |
| publishDate | 2024-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj-art-6d44444686fe49619c299c24d64d7b462025-08-20T03:31:23ZengIEEEIEEE Access2169-35362024-01-0112807708078010.1109/ACCESS.2024.340709710542123D-BADGE: Decision-Based Adversarial Batch Attack With Directional Gradient EstimationGeunhyeok Yu0https://orcid.org/0009-0003-4912-2084Minwoo Jeon1Hyoseok Hwang2https://orcid.org/0000-0003-3241-8455Department of Software Convergence, Kyung Hee University, Yongin-si, Republic of KoreaDepartment of Software Convergence, Kyung Hee University, Yongin-si, Republic of KoreaDepartment of Software Convergence, Kyung Hee University, Yongin-si, Republic of KoreaThe susceptibility of deep neural networks (DNNs) to adversarial examples has prompted an increase in the deployment of adversarial attacks. Image-agnostic universal adversarial perturbations (UAPs) are much more threatening, but many limitations exist to implementing UAPs in real-world scenarios where only binary decisions are returned. In this research, we propose D-BADGE, a novel method to craft universal adversarial perturbations for executing decision- To primarily optimize perturbation by focusing on decisions, we consider the direction of these updates as the primary factor and the magnitude of updates as the secondary factor. First, we employ Hamming loss that measures the distance from distributions of ground truth and accumulating decisions in batches to determine the magnitude of the gradient. This magnitude is applied in the direction of the revised simultaneous perturbation stochastic approximation (SPSA) to update the perturbation. This simple yet efficient decision-based method functions similarly to a score-based attack, enabling the generation of UAPs in real-world scenarios, and can be easily extended to targeted attacks. Experimental validation across multiple victim models demonstrates that the D-BADGE outperforms existing attack methods, even image-specific and score-based attacks. In particular, our proposed method shows a superior attack success rate with less training time. The research also shows that D-BADGE can successfully deceive unseen victim models and accurately target specific classes.https://ieeexplore.ieee.org/document/10542123/Deep neural networksuniversal decision-based adversarial attackimage classificationrepresentation learningvulnerabilityzeroth-order optimization |
| spellingShingle | Geunhyeok Yu Minwoo Jeon Hyoseok Hwang D-BADGE: Decision-Based Adversarial Batch Attack With Directional Gradient Estimation IEEE Access Deep neural networks universal decision-based adversarial attack image classification representation learning vulnerability zeroth-order optimization |
| title | D-BADGE: Decision-Based Adversarial Batch Attack With Directional Gradient Estimation |
| title_full | D-BADGE: Decision-Based Adversarial Batch Attack With Directional Gradient Estimation |
| title_fullStr | D-BADGE: Decision-Based Adversarial Batch Attack With Directional Gradient Estimation |
| title_full_unstemmed | D-BADGE: Decision-Based Adversarial Batch Attack With Directional Gradient Estimation |
| title_short | D-BADGE: Decision-Based Adversarial Batch Attack With Directional Gradient Estimation |
| title_sort | d badge decision based adversarial batch attack with directional gradient estimation |
| topic | Deep neural networks universal decision-based adversarial attack image classification representation learning vulnerability zeroth-order optimization |
| url | https://ieeexplore.ieee.org/document/10542123/ |
| work_keys_str_mv | AT geunhyeokyu dbadgedecisionbasedadversarialbatchattackwithdirectionalgradientestimation AT minwoojeon dbadgedecisionbasedadversarialbatchattackwithdirectionalgradientestimation AT hyoseokhwang dbadgedecisionbasedadversarialbatchattackwithdirectionalgradientestimation |