Adversarial Example Generation using Evolutionary Multi-objective Optimization
This work addresses the problem of understanding model vulnerabilities and attack patterns for security researchers, though it is incremental by building on prior evolutionary and gradient-based methods.
The paper tackled generating adversarial examples under black-box conditions by using evolutionary multi-objective optimization, resulting in the ability to produce diverse attack patterns and robust examples, including for high-resolution images with DCT-based perturbations.
This paper proposes Evolutionary Multi-objective Optimization (EMO)-based Adversarial Example (AE) design method that performs under black-box setting. Previous gradient-based methods produce AEs by changing all pixels of a target image, while previous EC-based method changes small number of pixels to produce AEs. Thanks to EMO's property of population based-search, the proposed method produces various types of AEs involving ones locating between AEs generated by the previous two approaches, which helps to know the characteristics of a target model or to know unknown attack patterns. Experimental results showed the potential of the proposed method, e.g., it can generate robust AEs and, with the aid of DCT-based perturbation pattern generation, AEs for high resolution images.