基于随机梯度上升和球面投影的通用对抗攻击方法

在面向样本集的通用对抗攻击中，导致多数样本输出错误的通用扰动设计是研究关键.本文以典型卷积神经网络为研究对象，对现有通用扰动生成算法进行总结，提出采用批量随机梯度上升训练策略和球面投影搜索策略相结合的通用扰动生成算法.算法的每次迭代计算，首先从样本集中抽取小批量样本，采用随机梯度上升策略计算出使损失函数值下降的通用对抗扰动，然后将通用扰动投影到半径为ε的高维球面上，从而缩小通用扰动的搜索空间.算法还引入了正则化技术以改善通用扰动的生成质量.实验结果证明该算法与基线算法对比，攻击成功率显著提升，通用扰动的求解效率提高约30倍.

A General Adversarial Attack Method Based on Random Gradient Ascent and Spherical Projection

In general adversarial attacks oriented to sample sets， the general perturbation design that causes most sample to output errors is the key to the research. This paper takes the typical convolutional neural networks as the research object， summarizes the existing general perturbation generation algorithms， and proposes a general perturbation generation algorithm that combines batch random gradient ascent and spherical projection search. In each iteration of the algorithm， a small batch of samples are extracted from the sample set， and the general perturbation is calculated by using the random gradient rising strategy which reduces the value of the loss function. The general perturbation is then projected to the high-dimensional spherical surface with a radius of ε， so as to reduce the search space of general disturbances. The algorithm also introduces a regularization technique to improve the generation quality of general disturbances. Experimental results show that compared with the baseline algorithm， the attack success rate is significantly increased， and the solution efficiency of general perturbation is improved by about 30 times.