On the Strengths of Pure Evolutionary Algorithms in Generating Adversarial Examples

Research output: Chapter in Book/Conference proceedings/Edited volumeConference contributionScientificpeer-review

174 Downloads (Pure)

Abstract

Deep learning (DL) models are known to be highly accurate, yet vulnerable to adversarial examples. While earlier research focused on generating adversarial examples using whitebox strategies, later research focused on black-box strategies, as models often are not accessible to external attackers. Prior studies showed that black-box approaches based on approximate gradient descent algorithms combined with meta-heuristic search (i.e., the BMI-FGSM algorithm) outperform previously proposed white- and black-box strategies. In this paper, we propose a novel black-box approach purely based on differential evolution (DE), i.e., without using any gradient approximation method. In particular, we propose two variants of a customized DE with customized variation operators: (1) a single-objective (Pixel-SOO) variant generating attacks that fool DL models, and (2) a multi-objective variant (Pixel-MOO) that also minimizes the number of changes in generated attacks. Our preliminary study on five canonical image classification models shows that Pixel-SOO and Pixel-MOO are more effective than the state-of-the-art BMI-FGSM in generating adversarial attacks. Furthermore, Pixel-SOO is faster than Pixel-MOO, while the latter produces subtler attacks than its single-objective variant.
Original languageEnglish
Title of host publicationProceedings of the 2023 IEEE/ACM International Workshop on Search-Based and Fuzz Testing (SBFT)
PublisherIEEE
Pages1-8
Number of pages8
ISBN (Electronic)979-8-3503-0182-3
ISBN (Print)979-8-3503-0183-0
DOIs
Publication statusPublished - 2023
Event2023 IEEE/ACM International Workshop on Search-Based and Fuzz Testing (SBFT) - Melbourne, Australia
Duration: 14 May 202314 May 2023

Conference

Conference2023 IEEE/ACM International Workshop on Search-Based and Fuzz Testing (SBFT)
Country/TerritoryAustralia
CityMelbourne
Period14/05/2314/05/23

Bibliographical note

Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care
Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.

Keywords

  • Black-box testing
  • Adversarial example generation
  • Differential evolution
  • Multi-Objective Optimisation
  • Search-based Software Testing
  • Deep Learning

Fingerprint

Dive into the research topics of 'On the Strengths of Pure Evolutionary Algorithms in Generating Adversarial Examples'. Together they form a unique fingerprint.

Cite this