The Czech Academy of Sciences, Institute of Computer Science, Pod Vodárenskou věží 271/2, 182 07 Prague 8, Czechia.
Neural Netw. 2020 Jul;127:168-181. doi: 10.1016/j.neunet.2020.04.015. Epub 2020 Apr 20.
This paper deals with the vulnerability of machine learning models to adversarial examples and its implications for their robustness and generalization properties. We propose an evolutionary algorithm that can generate adversarial examples for any machine learning model in the black-box attack scenario: adversarial examples are found without access to the model's parameters, only by querying the model at hand. We have tested a range of machine learning models, including deep and shallow neural networks. Our experiments show that vulnerability to adversarial examples is not only a problem of deep networks but spreads across various machine learning architectures. Rather, it depends on the type of computational units: local units, such as Gaussian kernels, are less vulnerable to adversarial examples.
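The abstract describes a black-box attack that needs only query access to the model. The following is an added illustration of that setting, not the paper's own algorithm or code: a (1+lambda) evolution strategy that perturbs an input within an L-infinity budget `eps`, keeps the child that most lowers the oracle's confidence in the original class, and stops as soon as the predicted label changes. The oracle `query()` is a constructed toy softmax over fixed linear scores standing in for an arbitrary model; the attacker is assumed to receive class probabilities (not hard labels) and never touches `_W` or `_B`. The weights, the sample point, `eps`, `sigma`, `lam` and the query budget are all assumptions chosen for the demonstration.

```python
import math
import random

# Constructed toy black box (assumption): a softmax over fixed linear scores.
# Only query() is visible to the attacker; _W and _B are never read by it.
_W = [[ 2.0, -1.0,  0.5, 0.0],
      [-1.0,  2.0,  0.0, 0.5],
      [ 0.0,  0.0,  1.5, 1.5]]
_B = [0.0, 0.0, -0.5]


def query(x):
    """Black-box oracle: returns class probabilities for input x (one query)."""
    logits = [sum(w * xi for w, xi in zip(row, x)) + b for row, b in zip(_W, _B)]
    m = max(logits)
    e = [math.exp(l - m) for l in logits]
    z = sum(e)
    return [v / z for v in e]


def argmax(probs):
    return max(range(len(probs)), key=probs.__getitem__)


def predict(model, x):
    return argmax(model(x))


def linf_distance(x, x0):
    return max(abs(a - b) for a, b in zip(x, x0))


def evolve_adversarial(model, x0, eps, sigma=0.05, lam=20, max_queries=2000, seed=0):
    """Untargeted black-box attack with a (1+lambda) evolution strategy.

    Fitness of a candidate is the oracle's probability for the original class
    (lower is better).  Each generation samples `lam` children around the
    current parent, clips them to the eps-box around x0 and to the valid input
    range [0, 1], and keeps the best.  Returns (adversarial_example, queries)
    or (None, queries) if the query budget runs out before the label flips.
    """
    rng = random.Random(seed)
    p0 = model(x0)
    queries = 1
    y0 = argmax(p0)
    parent, parent_fit = list(x0), p0[y0]

    while queries + lam <= max_queries:
        best, best_fit = parent, parent_fit
        for _ in range(lam):
            child = []
            for xi, x0i in zip(parent, x0):
                v = xi + rng.gauss(0.0, sigma)
                v = min(max(v, x0i - eps), x0i + eps)   # stay inside the eps-box
                v = min(max(v, 0.0), 1.0)               # stay inside the input domain
                child.append(v)
            probs = model(child)
            queries += 1
            if argmax(probs) != y0:                      # label flipped: success
                return child, queries
            if probs[y0] < best_fit:                     # elitist selection
                best, best_fit = child, probs[y0]
        parent, parent_fit = best, best_fit
    return None, queries


if __name__ == "__main__":
    x0 = [0.7, 0.3, 0.5, 0.5]          # constructed sample point
    adv, n = evolve_adversarial(query, x0, eps=0.1)
    print("original class:", predict(query, x0))
    if adv is None:
        print("no adversarial example within budget after", n, "queries")
    else:
        print("adversarial class:", predict(query, adv),
              "L-inf distance: %.3f" % linf_distance(adv, x0), "queries:", n)
```

Two things to note when reading the output: the attack succeeds with `eps=0.1` for the sample point, while with `eps=0.01` the eps-box cannot reach the decision boundary and the function returns `None` after spending its whole budget, which is the behaviour a practitioner should expect from any query-limited black-box attack rather than a silent failure.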