AdverseGen: A Practical Tool for Generating Adversarial Examples to Deep Neural Networks Using Black-Box Approaches

Keyuan ZHANG; Kaiyue WU; Siyu CHEN; Yunce ZHAO; Xin YAO

doi:10.1007/978-3-030-91100-3_25

AdverseGen: A Practical Tool for Generating Adversarial Examples to Deep Neural Networks Using Black-Box Approaches

Keyuan ZHANG, Kaiyue WU, Siyu CHEN, Yunce ZHAO, Xin YAO^*

^*Corresponding author for this work

Research output: Book Chapters | Papers in Conference Proceedings › Conference paper (refereed) › Research › peer-review

Abstract

Deep neural networks are fragile as they are easily fooled by inputs with deliberate perturbations, which are key concerns in image security issues. Given a trained neural network, we are always curious about whether the neural network has learned the concept that we’d like it to learn. We want to know whether there might be some vulnerabilities of the neural network that could be exploited by hackers. It could be useful if there is a tool that can be used by non-experts to test a trained neural network and try to find its vulnerabilities. In this paper, we introduce a tool named AdverseGen for generating adversarial examples to a trained deep neural network using the black-box approach, i.e., without using any information about the neural network architecture and its gradient information. Our tool provides customized adversarial attacks for both non-professional users and developers. It can be invoked by a graphical user interface or command line mode to launch adversarial attacks. Moreover, this tool supports different attack goals (targeted, non-targeted) and different distance metrics.

Original language	English
Title of host publication	Artificial Intelligence XXXVIII : 41st SGAI International Conference on Artificial Intelligence, AI 2021, Cambridge, UK, December 14–16, 2021, Proceedings
Editors	Max BRAMER, Richard ELLIS
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	313-326
Number of pages	14
ISBN (Electronic)	9783030911003
ISBN (Print)	9783030910990
DOIs	https://doi.org/10.1007/978-3-030-91100-3_25
Publication status	Published - 2021
Externally published	Yes
Event	41st SGAI International Conference on Artificial Intelligence - Cambridge, United Kingdom Duration: 14 Dec 2021 → 16 Dec 2021

Publication series

Name	Lecture Notes in Artificial Intelligence
Publisher	Springer
Volume	13101
ISSN (Print)	2945-9133
ISSN (Electronic)	2945-9141

Name	Lecture Notes in Computer Science
Publisher	Springer
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	41st SGAI International Conference on Artificial Intelligence
Abbreviated title	SGAI-AI 2021
Country/Territory	United Kingdom
City	Cambridge
Period	14/12/21 → 16/12/21

Bibliographical note

Publisher Copyright:
© 2021, Springer Nature Switzerland AG.

Funding

This work was supported by the Research Institute of Trustworthy Autonomous Systems, the Guangdong Provincial Key Laboratory (Grant No. 2020B121201001), the Program for Guangdong Introducing Innovative and Enterpreneurial Teams (Grant No. 2017ZT07X386) and Shenzhen Science and Technology Program (Grant No. KQTD2016112514355531).

Keywords

Adversarial examples
Black-box attack
Deep neural networks

Access to Document

10.1007/978-3-030-91100-3_25

Cite this

ZHANG, K., WU, K., CHEN, S., ZHAO, Y., & YAO, X. (2021). AdverseGen: A Practical Tool for Generating Adversarial Examples to Deep Neural Networks Using Black-Box Approaches. In M. BRAMER, & R. ELLIS (Eds.), Artificial Intelligence XXXVIII : 41st SGAI International Conference on Artificial Intelligence, AI 2021, Cambridge, UK, December 14–16, 2021, Proceedings (pp. 313-326). (Lecture Notes in Artificial Intelligence; Vol. 13101), (Lecture Notes in Computer Science). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-91100-3_25

ZHANG, Keyuan ; WU, Kaiyue ; CHEN, Siyu et al. / AdverseGen: A Practical Tool for Generating Adversarial Examples to Deep Neural Networks Using Black-Box Approaches. Artificial Intelligence XXXVIII : 41st SGAI International Conference on Artificial Intelligence, AI 2021, Cambridge, UK, December 14–16, 2021, Proceedings. editor / Max BRAMER ; Richard ELLIS. Springer Science and Business Media Deutschland GmbH, 2021. pp. 313-326 (Lecture Notes in Artificial Intelligence). (Lecture Notes in Computer Science).

@inproceedings{a51cfc42cb2a42b6af5f8b19340e8b23,

title = "AdverseGen: A Practical Tool for Generating Adversarial Examples to Deep Neural Networks Using Black-Box Approaches",

abstract = "Deep neural networks are fragile as they are easily fooled by inputs with deliberate perturbations, which are key concerns in image security issues. Given a trained neural network, we are always curious about whether the neural network has learned the concept that we{\textquoteright}d like it to learn. We want to know whether there might be some vulnerabilities of the neural network that could be exploited by hackers. It could be useful if there is a tool that can be used by non-experts to test a trained neural network and try to find its vulnerabilities. In this paper, we introduce a tool named AdverseGen for generating adversarial examples to a trained deep neural network using the black-box approach, i.e., without using any information about the neural network architecture and its gradient information. Our tool provides customized adversarial attacks for both non-professional users and developers. It can be invoked by a graphical user interface or command line mode to launch adversarial attacks. Moreover, this tool supports different attack goals (targeted, non-targeted) and different distance metrics.",

keywords = "Adversarial examples, Black-box attack, Deep neural networks",

author = "Keyuan ZHANG and Kaiyue WU and Siyu CHEN and Yunce ZHAO and Xin YAO",

note = "Publisher Copyright: {\textcopyright} 2021, Springer Nature Switzerland AG.; 41st SGAI International Conference on Artificial Intelligence, SGAI-AI 2021 ; Conference date: 14-12-2021 Through 16-12-2021",

year = "2021",

doi = "10.1007/978-3-030-91100-3_25",

language = "English",

isbn = "9783030910990",

series = "Lecture Notes in Artificial Intelligence",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "313--326",

editor = "Max BRAMER and Richard ELLIS",

booktitle = "Artificial Intelligence XXXVIII : 41st SGAI International Conference on Artificial Intelligence, AI 2021, Cambridge, UK, December 14–16, 2021, Proceedings",

address = "Germany",

}

ZHANG, K, WU, K, CHEN, S, ZHAO, Y & YAO, X 2021, AdverseGen: A Practical Tool for Generating Adversarial Examples to Deep Neural Networks Using Black-Box Approaches. in M BRAMER & R ELLIS (eds), Artificial Intelligence XXXVIII : 41st SGAI International Conference on Artificial Intelligence, AI 2021, Cambridge, UK, December 14–16, 2021, Proceedings. Lecture Notes in Artificial Intelligence, vol. 13101, Lecture Notes in Computer Science, Springer Science and Business Media Deutschland GmbH, pp. 313-326, 41st SGAI International Conference on Artificial Intelligence, Cambridge, United Kingdom, 14/12/21. https://doi.org/10.1007/978-3-030-91100-3_25

AdverseGen: A Practical Tool for Generating Adversarial Examples to Deep Neural Networks Using Black-Box Approaches. / ZHANG, Keyuan; WU, Kaiyue; CHEN, Siyu et al.
Artificial Intelligence XXXVIII : 41st SGAI International Conference on Artificial Intelligence, AI 2021, Cambridge, UK, December 14–16, 2021, Proceedings. ed. / Max BRAMER; Richard ELLIS. Springer Science and Business Media Deutschland GmbH, 2021. p. 313-326 (Lecture Notes in Artificial Intelligence; Vol. 13101), (Lecture Notes in Computer Science).

Research output: Book Chapters | Papers in Conference Proceedings › Conference paper (refereed) › Research › peer-review

TY - GEN

T1 - AdverseGen: A Practical Tool for Generating Adversarial Examples to Deep Neural Networks Using Black-Box Approaches

AU - ZHANG, Keyuan

AU - WU, Kaiyue

AU - CHEN, Siyu

AU - ZHAO, Yunce

AU - YAO, Xin

PY - 2021

Y1 - 2021

N2 - Deep neural networks are fragile as they are easily fooled by inputs with deliberate perturbations, which are key concerns in image security issues. Given a trained neural network, we are always curious about whether the neural network has learned the concept that we’d like it to learn. We want to know whether there might be some vulnerabilities of the neural network that could be exploited by hackers. It could be useful if there is a tool that can be used by non-experts to test a trained neural network and try to find its vulnerabilities. In this paper, we introduce a tool named AdverseGen for generating adversarial examples to a trained deep neural network using the black-box approach, i.e., without using any information about the neural network architecture and its gradient information. Our tool provides customized adversarial attacks for both non-professional users and developers. It can be invoked by a graphical user interface or command line mode to launch adversarial attacks. Moreover, this tool supports different attack goals (targeted, non-targeted) and different distance metrics.

AB - Deep neural networks are fragile as they are easily fooled by inputs with deliberate perturbations, which are key concerns in image security issues. Given a trained neural network, we are always curious about whether the neural network has learned the concept that we’d like it to learn. We want to know whether there might be some vulnerabilities of the neural network that could be exploited by hackers. It could be useful if there is a tool that can be used by non-experts to test a trained neural network and try to find its vulnerabilities. In this paper, we introduce a tool named AdverseGen for generating adversarial examples to a trained deep neural network using the black-box approach, i.e., without using any information about the neural network architecture and its gradient information. Our tool provides customized adversarial attacks for both non-professional users and developers. It can be invoked by a graphical user interface or command line mode to launch adversarial attacks. Moreover, this tool supports different attack goals (targeted, non-targeted) and different distance metrics.

KW - Adversarial examples

KW - Black-box attack

KW - Deep neural networks

UR - http://www.scopus.com/inward/record.url?scp=85121909914&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-91100-3_25

DO - 10.1007/978-3-030-91100-3_25

M3 - Conference paper (refereed)

SN - 9783030910990

T3 - Lecture Notes in Artificial Intelligence

SP - 313

EP - 326

BT - Artificial Intelligence XXXVIII : 41st SGAI International Conference on Artificial Intelligence, AI 2021, Cambridge, UK, December 14–16, 2021, Proceedings

A2 - BRAMER, Max

A2 - ELLIS, Richard

PB - Springer Science and Business Media Deutschland GmbH

T2 - 41st SGAI International Conference on Artificial Intelligence

Y2 - 14 December 2021 through 16 December 2021

ER -

ZHANG K, WU K, CHEN S, ZHAO Y, YAO X. AdverseGen: A Practical Tool for Generating Adversarial Examples to Deep Neural Networks Using Black-Box Approaches. In BRAMER M, ELLIS R, editors, Artificial Intelligence XXXVIII : 41st SGAI International Conference on Artificial Intelligence, AI 2021, Cambridge, UK, December 14–16, 2021, Proceedings. Springer Science and Business Media Deutschland GmbH. 2021. p. 313-326. (Lecture Notes in Artificial Intelligence). (Lecture Notes in Computer Science). Epub 2021 Dec 6. doi: 10.1007/978-3-030-91100-3_25

AdverseGen: A Practical Tool for Generating Adversarial Examples to Deep Neural Networks Using Black-Box Approaches

Abstract

Publication series

Conference

Bibliographical note

Funding

Keywords

Access to Document

Other files and links

Fingerprint

Cite this