ADMM attack: An enhanced adversarial attack for deep neural networks with undetectable distortions

Pu Zhao; Kaidi Xu; Sijia Liu; Yanzhi Wang; Xue Lin

doi:10.1145/3287624.3288750

ADMM attack: An enhanced adversarial attack for deep neural networks with undetectable distortions

Pu Zhao, Kaidi Xu, Sijia Liu, Yanzhi Wang, Xue Lin

Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 32 - Refereed conference paper (with host publication) › peer-review

15 Citations (Scopus)

Abstract

Many recent studies demonstrate that state-of-the-art Deep neural networks (DNNs) might be easily fooled by adversarial examples, generated by adding carefully crafted and visually imperceptible distortions onto original legal inputs through adversarial attacks. Adversarial examples can lead the DNN to misclassify them as any target labels. In the literature, various methods are proposed to minimize the different ℓp norms of the distortion. However, there lacks a versatile framework for all types of adversarial attacks. To achieve a better understanding for the security properties of DNNs, we propose a general framework for constructing adversarial examples by leveraging Alternating Direction Method of Multipliers (ADMM) to split the optimization approach for effective minimization of various _ℓp norms of the distortion, including ℓ0, ℓ1, ℓ2, and ℓ∞ norms. Thus, the proposed general framework unifies the methods of crafting ℓ0, ℓ1, ℓ2, and ℓ∞ attacks. The experimental results demonstrate that the proposed ADMM attacks achieve both the high attack success rate and the minimal distortion for the misclassification compared with state-of-the-art attack methods. © 2019 Association for Computing Machinery.

Original language	English
Title of host publication	ASP-DAC 2019 - 24th Asia and South Pacific Design Automation Conference
Publisher	IEEE
Pages	538-543
ISBN (Print)	9781450360074
DOIs	https://doi.org/10.1145/3287624.3288750
Publication status	Published - 21 Jan 2019
Externally published	Yes
Event	24th Asia and South Pacific Design Automation Conference, ASPDAC 2019 - Tokyo, Japan Duration: 21 Jan 2019 → 24 Jan 2019

Publication series

Name	Proceedings of the Asia and South Pacific Design Automation Conference, ASP-DAC

Conference

Conference	24th Asia and South Pacific Design Automation Conference, ASPDAC 2019
Place	Japan
City	Tokyo
Period	21/01/19 → 24/01/19

Bibliographical note

Publication details (e.g. title, author(s), publication statuses and dates) are captured on an “AS IS” and “AS AVAILABLE” basis at the time of record harvesting from the data source. Suggestions for further amendments or supplementary information can be sent to <a href="mailto:[email protected]">[email protected]</a>.

Funding

This work is partly supported by the National Science Foundation (CCF-1733701,CNS-1704662,andCNS1739748),AirForceResearchLaboratoryFA8750-18-20058,andU.S.OfficeofNavalResearch.

Access Output

10.1145/3287624.3288750

Other Access Options

Check CityUHK Library

Permanent Link

Right click to copy link

Cite this

Zhao, P., Xu, K., Liu, S., Wang, Y., & Lin, X. (2019). ADMM attack: An enhanced adversarial attack for deep neural networks with undetectable distortions. In ASP-DAC 2019 - 24th Asia and South Pacific Design Automation Conference (pp. 538-543). (Proceedings of the Asia and South Pacific Design Automation Conference, ASP-DAC). IEEE. https://doi.org/10.1145/3287624.3288750

@inproceedings{6e269ec368a54e0792008771b85776af,

title = "ADMM attack: An enhanced adversarial attack for deep neural networks with undetectable distortions",

abstract = "Many recent studies demonstrate that state-of-the-art Deep neural networks (DNNs) might be easily fooled by adversarial examples, generated by adding carefully crafted and visually imperceptible distortions onto original legal inputs through adversarial attacks. Adversarial examples can lead the DNN to misclassify them as any target labels. In the literature, various methods are proposed to minimize the different ℓp norms of the distortion. However, there lacks a versatile framework for all types of adversarial attacks. To achieve a better understanding for the security properties of DNNs, we propose a general framework for constructing adversarial examples by leveraging Alternating Direction Method of Multipliers (ADMM) to split the optimization approach for effective minimization of various ℓp norms of the distortion, including ℓ0, ℓ1, ℓ2, and ℓ∞ norms. Thus, the proposed general framework unifies the methods of crafting ℓ0, ℓ1, ℓ2, and ℓ∞ attacks. The experimental results demonstrate that the proposed ADMM attacks achieve both the high attack success rate and the minimal distortion for the misclassification compared with state-of-the-art attack methods. {\textcopyright} 2019 Association for Computing Machinery.",

author = "Pu Zhao and Kaidi Xu and Sijia Liu and Yanzhi Wang and Xue Lin",

note = "Publication details (e.g. title, author(s), publication statuses and dates) are captured on an “AS IS” and “AS AVAILABLE” basis at the time of record harvesting from the data source. Suggestions for further amendments or supplementary information can be sent to <a href={"}mailto:[email protected]{"}>[email protected]</a>.; 24th Asia and South Pacific Design Automation Conference, ASPDAC 2019 ; Conference date: 21-01-2019 Through 24-01-2019",

year = "2019",

month = jan,

day = "21",

doi = "10.1145/3287624.3288750",

language = "English",

isbn = "9781450360074",

series = "Proceedings of the Asia and South Pacific Design Automation Conference, ASP-DAC",

publisher = "IEEE",

pages = "538--543",

booktitle = "ASP-DAC 2019 - 24th Asia and South Pacific Design Automation Conference",

address = "United States",

}

Zhao, P, Xu, K, Liu, S, Wang, Y & Lin, X 2019, ADMM attack: An enhanced adversarial attack for deep neural networks with undetectable distortions. in ASP-DAC 2019 - 24th Asia and South Pacific Design Automation Conference. Proceedings of the Asia and South Pacific Design Automation Conference, ASP-DAC, IEEE, pp. 538-543, 24th Asia and South Pacific Design Automation Conference, ASPDAC 2019, Tokyo, Japan, 21/01/19. https://doi.org/10.1145/3287624.3288750

ADMM attack: An enhanced adversarial attack for deep neural networks with undetectable distortions. / Zhao, Pu; Xu, Kaidi; Liu, Sijia et al.
ASP-DAC 2019 - 24th Asia and South Pacific Design Automation Conference. IEEE, 2019. p. 538-543 (Proceedings of the Asia and South Pacific Design Automation Conference, ASP-DAC).

Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 32 - Refereed conference paper (with host publication) › peer-review

TY - GEN

T1 - ADMM attack

T2 - 24th Asia and South Pacific Design Automation Conference, ASPDAC 2019

AU - Zhao, Pu

AU - Xu, Kaidi

AU - Liu, Sijia

AU - Wang, Yanzhi

AU - Lin, Xue

N1 - Publication details (e.g. title, author(s), publication statuses and dates) are captured on an “AS IS” and “AS AVAILABLE” basis at the time of record harvesting from the data source. Suggestions for further amendments or supplementary information can be sent to <a href="mailto:[email protected]">[email protected]</a>.

PY - 2019/1/21

Y1 - 2019/1/21

N2 - Many recent studies demonstrate that state-of-the-art Deep neural networks (DNNs) might be easily fooled by adversarial examples, generated by adding carefully crafted and visually imperceptible distortions onto original legal inputs through adversarial attacks. Adversarial examples can lead the DNN to misclassify them as any target labels. In the literature, various methods are proposed to minimize the different ℓp norms of the distortion. However, there lacks a versatile framework for all types of adversarial attacks. To achieve a better understanding for the security properties of DNNs, we propose a general framework for constructing adversarial examples by leveraging Alternating Direction Method of Multipliers (ADMM) to split the optimization approach for effective minimization of various ℓp norms of the distortion, including ℓ0, ℓ1, ℓ2, and ℓ∞ norms. Thus, the proposed general framework unifies the methods of crafting ℓ0, ℓ1, ℓ2, and ℓ∞ attacks. The experimental results demonstrate that the proposed ADMM attacks achieve both the high attack success rate and the minimal distortion for the misclassification compared with state-of-the-art attack methods. © 2019 Association for Computing Machinery.

AB - Many recent studies demonstrate that state-of-the-art Deep neural networks (DNNs) might be easily fooled by adversarial examples, generated by adding carefully crafted and visually imperceptible distortions onto original legal inputs through adversarial attacks. Adversarial examples can lead the DNN to misclassify them as any target labels. In the literature, various methods are proposed to minimize the different ℓp norms of the distortion. However, there lacks a versatile framework for all types of adversarial attacks. To achieve a better understanding for the security properties of DNNs, we propose a general framework for constructing adversarial examples by leveraging Alternating Direction Method of Multipliers (ADMM) to split the optimization approach for effective minimization of various ℓp norms of the distortion, including ℓ0, ℓ1, ℓ2, and ℓ∞ norms. Thus, the proposed general framework unifies the methods of crafting ℓ0, ℓ1, ℓ2, and ℓ∞ attacks. The experimental results demonstrate that the proposed ADMM attacks achieve both the high attack success rate and the minimal distortion for the misclassification compared with state-of-the-art attack methods. © 2019 Association for Computing Machinery.

UR - http://www.scopus.com/inward/record.url?scp=85061118037&partnerID=8YFLogxK

UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-85061118037&origin=recordpage

U2 - 10.1145/3287624.3288750

DO - 10.1145/3287624.3288750

M3 - RGC 32 - Refereed conference paper (with host publication)

SN - 9781450360074

T3 - Proceedings of the Asia and South Pacific Design Automation Conference, ASP-DAC

SP - 538

EP - 543

BT - ASP-DAC 2019 - 24th Asia and South Pacific Design Automation Conference

PB - IEEE

Y2 - 21 January 2019 through 24 January 2019

ER -

ADMM attack: An enhanced adversarial attack for deep neural networks with undetectable distortions

Abstract

Publication series

Conference

Bibliographical note

Funding

Access Output

Other Access Options

Permanent Link

Other Files and Links

Fingerprint

Cite this