ELAA: An Ensemble-Learning-Based Adversarial Attack Targeting Image-Classification Model
The research on image-classification-adversarial attacks is crucial in the realm of artificial intelligence (AI) security. Most of the image-classification-adversarial attack methods are for white-box settings, demanding target model gradients and network architectures, which is less practical when...
Saved in:
Published in | Entropy (Basel, Switzerland) Vol. 25; no. 2; p. 215 |
---|---|
Main Authors | , |
Format | Journal Article |
Language | English |
Published |
Switzerland
MDPI AG
22.01.2023
MDPI |
Subjects | |
Online Access | Get full text |
Cover
Loading…
Summary: | The research on image-classification-adversarial attacks is crucial in the realm of artificial intelligence (AI) security. Most of the image-classification-adversarial attack methods are for white-box settings, demanding target model gradients and network architectures, which is less practical when facing real-world cases. However, black-box adversarial attacks immune to the above limitations and reinforcement learning (RL) seem to be a feasible solution to explore an optimized evasion policy. Unfortunately, existing RL-based works perform worse than expected in the attack success rate. In light of these challenges, we propose an ensemble-learning-based adversarial attack (ELAA) targeting image-classification models which aggregate and optimize multiple reinforcement learning (RL) base learners, which further reveals the vulnerabilities of learning-based image-classification models. Experimental results show that the attack success rate for the ensemble model is about 35% higher than for a single model. The attack success rate of ELAA is 15% higher than those of the baseline methods. |
---|---|
Bibliography: | ObjectType-Article-1 SourceType-Scholarly Journals-1 ObjectType-Feature-2 content type line 23 |
ISSN: | 1099-4300 1099-4300 |
DOI: | 10.3390/e25020215 |