Cargando…
ELAA: An Ensemble-Learning-Based Adversarial Attack Targeting Image-Classification Model
The research on image-classification-adversarial attacks is crucial in the realm of artificial intelligence (AI) security. Most of the image-classification-adversarial attack methods are for white-box settings, demanding target model gradients and network architectures, which is less practical when...
| Autores principales: | , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
MDPI
2023
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9955872/ https://www.ncbi.nlm.nih.gov/pubmed/36832581 http://dx.doi.org/10.3390/e25020215 |
| _version_ | 1784894453847162880 |
|---|---|
| author | Fu, Zhongwang Cui, Xiaohui |
| author_facet | Fu, Zhongwang Cui, Xiaohui |
| author_sort | Fu, Zhongwang |
| collection | PubMed |
| description | The research on image-classification-adversarial attacks is crucial in the realm of artificial intelligence (AI) security. Most of the image-classification-adversarial attack methods are for white-box settings, demanding target model gradients and network architectures, which is less practical when facing real-world cases. However, black-box adversarial attacks immune to the above limitations and reinforcement learning (RL) seem to be a feasible solution to explore an optimized evasion policy. Unfortunately, existing RL-based works perform worse than expected in the attack success rate. In light of these challenges, we propose an ensemble-learning-based adversarial attack (ELAA) targeting image-classification models which aggregate and optimize multiple reinforcement learning (RL) base learners, which further reveals the vulnerabilities of learning-based image-classification models. Experimental results show that the attack success rate for the ensemble model is about 35% higher than for a single model. The attack success rate of ELAA is 15% higher than those of the baseline methods. |
| format | Online Article Text |
| id | pubmed-9955872 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2023 |
| publisher | MDPI |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-99558722023-02-25 ELAA: An Ensemble-Learning-Based Adversarial Attack Targeting Image-Classification Model Fu, Zhongwang Cui, Xiaohui Entropy (Basel) Article The research on image-classification-adversarial attacks is crucial in the realm of artificial intelligence (AI) security. Most of the image-classification-adversarial attack methods are for white-box settings, demanding target model gradients and network architectures, which is less practical when facing real-world cases. However, black-box adversarial attacks immune to the above limitations and reinforcement learning (RL) seem to be a feasible solution to explore an optimized evasion policy. Unfortunately, existing RL-based works perform worse than expected in the attack success rate. In light of these challenges, we propose an ensemble-learning-based adversarial attack (ELAA) targeting image-classification models which aggregate and optimize multiple reinforcement learning (RL) base learners, which further reveals the vulnerabilities of learning-based image-classification models. Experimental results show that the attack success rate for the ensemble model is about 35% higher than for a single model. The attack success rate of ELAA is 15% higher than those of the baseline methods. MDPI 2023-01-22 /pmc/articles/PMC9955872/ /pubmed/36832581 http://dx.doi.org/10.3390/e25020215 Text en © 2023 by the authors. https://creativecommons.org/licenses/by/4.0/Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). |
| spellingShingle | Article Fu, Zhongwang Cui, Xiaohui ELAA: An Ensemble-Learning-Based Adversarial Attack Targeting Image-Classification Model |
| title | ELAA: An Ensemble-Learning-Based Adversarial Attack Targeting Image-Classification Model |
| title_full | ELAA: An Ensemble-Learning-Based Adversarial Attack Targeting Image-Classification Model |
| title_fullStr | ELAA: An Ensemble-Learning-Based Adversarial Attack Targeting Image-Classification Model |
| title_full_unstemmed | ELAA: An Ensemble-Learning-Based Adversarial Attack Targeting Image-Classification Model |
| title_short | ELAA: An Ensemble-Learning-Based Adversarial Attack Targeting Image-Classification Model |
| title_sort | elaa: an ensemble-learning-based adversarial attack targeting image-classification model |
| topic | Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9955872/ https://www.ncbi.nlm.nih.gov/pubmed/36832581 http://dx.doi.org/10.3390/e25020215 |
| work_keys_str_mv | AT fuzhongwang elaaanensemblelearningbasedadversarialattacktargetingimageclassificationmodel AT cuixiaohui elaaanensemblelearningbasedadversarialattacktargetingimageclassificationmodel |