文章基本信息

标题：ε 制約Differential Evolutionによる摂動量の制約を考慮したAdversarial Examplesの生成
本地全文：下载
作者：串田淳一 ; 高濱徹行
期刊名称：進化計算学会論文誌
电子版ISSN：2185-7385
出版年度：2020
卷号：11
期号：3
页码：55-65
DOI：10.11394/tjpnsec.11.55
出版社：The Japanese Society for Evolutionary Computation
摘要：In recent years, deep neural networks have shown outstanding performance in a wide range of domains like computer vision and natural language processing, and so on. However, several studies have demonstrated that in the image classification domain, deep neural classification models are easily fooled by adversarial examples (AE). AE are inputs that are designed to cause poor performance to a predictive machine learning model. As one of the black-box attacks on computer vision, a method of generating adversarial examples using Differential Evolution (DE) has been reported. This attack method is very effective because the output of the model can be greatly changed by modifying a few pixels of the input image. However, even if the operation is only a perturbation of several pixels, if the change in the pixel value (amount of perturbation) at that time is large, it is possible to easily discriminate the AE with the naked eyes. Therefore, in this paper, not only inducing a misclassification but also the amount of perturbation given to the image is considered when searching for AE using DE. In other words, we formalize the AE generation as a constrained optimization problem that searches the AE under a constant amount of perturbation. For this problem, we apply DE with ε constraint method which is one of the constraint handling techniques. In addition, JADE, which is a kind of adaptive DE, is adopted to improve the search ability. In order to confirm the effectiveness of this approach, we carry out experiments using some typical machine learning models and show that the ε constraint JADE can generate AE that is difficult to detect with the naked eyes.
关键词：differential evolution; constrained optimization problem; adversarial examples