Multi-objective differential evolution in the generation of adversarial examples

Adversarial examples remain a critical concern for the robustness of deep learning models, showcasing vulnerabilities to subtle input manipulations. While earlier research focused on generating such examples using white-box strategies, later research focused on gradient-based black-box strategies, as models' internals often are not accessible to external attackers. This paper extends our prior work by exploring a gradient-free search-based algorithm for adversarial example generation, with particular emphasis on differential evolution (DE). Building on top of the classic DE operators, we propose five variants of gradient-free algorithms: a single-objective approach (GADE), two multi-objective variations (NSGA-IIDE and MOEA/DDE), and two many-objective strategies (NSGA-IIIDE and AGE-MOEADE). Our study on five canonical image classification models shows that whilst GADE variant remains the fastest approach, NSGA-IIDE consistently produces more minimal adversarial attacks (i.e., with fewer image perturbations). Moreover, we found that applying a post-process minimization to our adversarial images, would further reduce the number of changes and overall delta variation (image noise).