Deep neural networks remain susceptible to adversarial examples,where the goal of an adversarial attack is to introduce small perturbations to the original examples in order to confuse the model without being easily d...Deep neural networks remain susceptible to adversarial examples,where the goal of an adversarial attack is to introduce small perturbations to the original examples in order to confuse the model without being easily detected.Although many adversarial attack methods produce adversarial examples that have achieved great results in the whitebox setting,they exhibit low transferability in the black-box setting.In order to improve the transferability along the baseline of the gradient-based attack technique,we present a novel Stochastic Gradient Accumulation Momentum Iterative Attack(SAMI-FGSM)in this study.In particular,during each iteration,the gradient information is calculated using a normal sampling approach that randomly samples around the sample points,with the highest probability of capturing adversarial features.Meanwhile,the accumulated information of the sampled gradient from the previous iteration is further considered to modify the current updated gradient,and the original gradient attack direction is changed to ensure that the updated gradient direction is more stable.Comprehensive experiments conducted on the ImageNet dataset show that our method outperforms existing state-of-the-art gradient-based attack techniques,achieving an average improvement of 10.2%in transferability.展开更多
A direct as well as iterative method(called the orthogonally accumulated projection method, or the OAP for short) for solving linear system of equations with symmetric coefficient matrix is introduced in this paper. W...A direct as well as iterative method(called the orthogonally accumulated projection method, or the OAP for short) for solving linear system of equations with symmetric coefficient matrix is introduced in this paper. With the Lanczos process the OAP creates a sequence of mutually orthogonal vectors, on the basis of which the projections of the unknown vectors are easily obtained, and thus the approximations to the unknown vectors can be simply constructed by a combination of these projections. This method is an application of the accumulated projection technique proposed recently by the authors of this paper, and can be regarded as a match of conjugate gradient method(CG) in its nature since both the CG and the OAP can be regarded as iterative methods, too. Unlike the CG method which can be only used to solve linear systems with symmetric positive definite coefficient matrices, the OAP can be used to handle systems with indefinite symmetric matrices. Unlike classical Krylov subspace methods which usually ignore the issue of loss of orthogonality, OAP uses an effective approach to detect the loss of orthogonality and a restart strategy is used to handle the loss of orthogonality.Numerical experiments are presented to demonstrate the efficiency of the OAP.展开更多
基金supported in part by the National Natural Science Foundation(62202118,U24A20241)in part by Major Scientific and Technological Special Project of Guizhou Province([2024]014,[2024]003)+1 种基金in part by Scientific and Technological Research Projects from Guizhou Education Department(Qian jiao ji[2023]003)in part by Guizhou Science and Technology Department Hundred Level Innovative Talents Project(GCC[2023]018).
文摘Deep neural networks remain susceptible to adversarial examples,where the goal of an adversarial attack is to introduce small perturbations to the original examples in order to confuse the model without being easily detected.Although many adversarial attack methods produce adversarial examples that have achieved great results in the whitebox setting,they exhibit low transferability in the black-box setting.In order to improve the transferability along the baseline of the gradient-based attack technique,we present a novel Stochastic Gradient Accumulation Momentum Iterative Attack(SAMI-FGSM)in this study.In particular,during each iteration,the gradient information is calculated using a normal sampling approach that randomly samples around the sample points,with the highest probability of capturing adversarial features.Meanwhile,the accumulated information of the sampled gradient from the previous iteration is further considered to modify the current updated gradient,and the original gradient attack direction is changed to ensure that the updated gradient direction is more stable.Comprehensive experiments conducted on the ImageNet dataset show that our method outperforms existing state-of-the-art gradient-based attack techniques,achieving an average improvement of 10.2%in transferability.
基金supported by National Natural Science Foundation of China (Grant Nos. 91430108 and 11171251)the Major Program of Tianjin University of Finance and Economics (Grant No. ZD1302)
文摘A direct as well as iterative method(called the orthogonally accumulated projection method, or the OAP for short) for solving linear system of equations with symmetric coefficient matrix is introduced in this paper. With the Lanczos process the OAP creates a sequence of mutually orthogonal vectors, on the basis of which the projections of the unknown vectors are easily obtained, and thus the approximations to the unknown vectors can be simply constructed by a combination of these projections. This method is an application of the accumulated projection technique proposed recently by the authors of this paper, and can be regarded as a match of conjugate gradient method(CG) in its nature since both the CG and the OAP can be regarded as iterative methods, too. Unlike the CG method which can be only used to solve linear systems with symmetric positive definite coefficient matrices, the OAP can be used to handle systems with indefinite symmetric matrices. Unlike classical Krylov subspace methods which usually ignore the issue of loss of orthogonality, OAP uses an effective approach to detect the loss of orthogonality and a restart strategy is used to handle the loss of orthogonality.Numerical experiments are presented to demonstrate the efficiency of the OAP.
