所属单位：[1] University of Electronic Science and Technology of China, School of Computer Science and Engineering, China; [2] Sichuan University, School of Cyber Science and Engineering, China; [3] Nanyang Technological University, School of Computer Science and Engineering, Singapore, Singapore; [4] University of Technology Sydney, School of Computer Science in the Faculty of Engineering and Information Technology, Sydney, Australia

发表刊物：IEEE Transactions on Dependable and Secure Computing

关键字：Deep neural networks - Image compression - Particle swarm optimization (PSO) - Superpixels

摘要：Deep neural networks (DNNs) are known to be susceptible to various malicious attacks, such as adversarial and backdoor attacks. However, most of these attacks utilize additive adversarial perturbations (or backdoor triggers) within an Lp-norm constraint. They can be easily defeated by image preprocessing strategies, such as image compression and image super-resolution. To address this limitation, instead of using additive adversarial perturbations (or backdoor triggers) in the pixel space, this work revisits the design of adversarial perturbations (or backdoor triggers) from the perspective of color space and conducts a comprehensive analysis. Specifically, we propose a color space backdoor attack and a color space adversarial attack where the color space shift is used as the trigger and perturbation. To find the optimal trigger or perturbation in the black-box scenario, we perform an iterative optimization process with the Particle Swarm Optimization algorithm. Experimental results confirm the robustness of the proposed color space attacks against image preprocessing defenses as well as other mainstream defense methods. In addition, we also design adaptive defense strategies and evaluate their effectiveness against color space attacks. Our work emphasizes the importance of the color space when developing malicious attacks against DNN and urges more research in this area. ? 2004-2012 IEEE.

文献类型：Article in Press

ISSN号：15455971

是否译文：否