An Universal Adversarial Attack Method Based on Spherical Projection

Author(s):  
Chunlong Fan ◽  
Zhimin Zhang ◽  
Jianzhong Qiao

Adversarial attack on neural networks has become an important problem restricting its security applications, and among adversarial attacks oriented towards the sample set, the universal perturbation design causing most sample output errors is critical to the study. This paper takes the neural network for image classification as the research object, summarizes the existing universal perturbation generation algorithm, proposes a universal perturbation generation algorithm combining batch stochastic gradient rise and spherical projection search, achieves loss function reduction through the iterative training of stochastic gradient rise in batch samples, and limits the universal perturbation search to a high-dimensional sphere with radius [Formula: see text] to reduce the search space of universal perturbation. Moreover, the regularized technology is introduced to improve the generation quality of universal perturbations. The experimental results show that compared with the baseline algorithm, the attack success rate increases by more than 10%, the solution efficiency of universal perturbation is improved by one order of magnitude, and the quality controllability of universal perturbation is better.

Electronics ◽  
2020 ◽  
Vol 10 (1) ◽  
pp. 52
Author(s):  
Richard Evan Sutanto ◽  
Sukho Lee

Several recent studies have shown that artificial intelligence (AI) systems can malfunction due to intentionally manipulated data coming through normal channels. Such kinds of manipulated data are called adversarial examples. Adversarial examples can pose a major threat to an AI-led society when an attacker uses them as means to attack an AI system, which is called an adversarial attack. Therefore, major IT companies such as Google are now studying ways to build AI systems which are robust against adversarial attacks by developing effective defense methods. However, one of the reasons why it is difficult to establish an effective defense system is due to the fact that it is difficult to know in advance what kind of adversarial attack method the opponent is using. Therefore, in this paper, we propose a method to detect the adversarial noise without knowledge of the kind of adversarial noise used by the attacker. To this end, we propose a blurring network that is trained only with normal images and also use it as an initial condition of the Deep Image Prior (DIP) network. This is in contrast to other neural network based detection methods, which require the use of many adversarial noisy images for the training of the neural network. Experimental results indicate the validity of the proposed method.


Author(s):  
Eric Timmons ◽  
Brian C. Williams

State estimation methods based on hybrid discrete and continuous state models have emerged as a method of precisely computing belief states for real world systems, however they have difficulty scaling to systems with more than a handful of components. Classical, consistency based diagnosis methods scale to this level by combining best-first enumeration and conflict-directed search. While best-first methods have been developed for hybrid estimation, conflict-directed methods have thus far been elusive as conflicts summarize constraint violations, but probabilistic hybrid estimation is relatively unconstrained. In this paper we present an approach (A*BC) that unifies best-first enumeration and conflict-directed search in relatively unconstrained problems through the concept of "bounding" conflicts, an extension of conflicts that represent tighter bounds on the cost of regions of the search space. Experiments show that an A*BC powered state estimator produces estimates up to an order of magnitude faster than the current state of the art, particularly on large systems.


2013 ◽  
Vol 13 (3) ◽  
pp. 100-107 ◽  
Author(s):  
A. Meo ◽  
L. Profumo ◽  
A. Rossi ◽  
M. Lanzetta

Roundness is one of the most common features in machining. The minimum zone tolerance (MZT) approach provides the minimum roundness error, i.e. the minimum distance between the two concentric reference circles containing the acquired profile; more accurate form error estimation results in fewer false part rejections. MZT is still an open problem and is approached here by a Genetic Algorithm. Only a few authors have addressed the definition of the search space center and size and its relationship with the dataset size, which greatly influence the inspection time for the profile measurement and the convergence speed of the roundness estimation algorithm for a given target accuracy. Experimental tests on certified roundness profiles, using the profile centroid as the search space center, have shown that the search space size is related to the number of dataset points and an optimum exists, which provides a computation time reduction up to an order of magnitude.


Author(s):  
Carlos Hernandez ◽  
Adi Botea ◽  
Jorge A. Baier ◽  
Vadim Bulitko

Real-time search algorithms are relevant to time-sensitive decision-making domains such as video games and robotics. In such settings, the agent is required to decide on each action under a constant time bound, regardless of the search space size. Despite recent progress, poor-quality solutions can be produced mainly due to state re-visitation. Different techniques have been developed to reduce such a re-visitation with state pruning showing promise. In this paper, we propose a novel pruning approach applicable to the wide class of real-time search algorithms. Given a local search space of arbitrary size, our technique aggressively prunes away all states in its interior, possibly adding new edges to maintain the connectivity of the search space frontier. An experimental evaluation shows that our pruning often improves the performance of a base real-time search algorithm by over an order of magnitude. This allows our implemented system to outperform state-of-the-art real-time search algorithms used in the evaluation.


Robotics and Neural Networks will play a major role in the future of manufacturing and automation process. Nowadays not many robotic systems are smart systems, in the sense that they operate on a predefined algorithm to do their task. This research focuses on a design and development of a robotic arm with a visual input. The robotic arm will perform its job with the help of visual aid. The system will analyze the input image upon which the decision to write a number using Stochastic Gradient Descent (SGD) algorithm. In a nutshell this research work shows how the neural network can be incorporated with robot arm control, which is a desired field of interest in development of smart robotic systems. This work presents where the robotic arm is incorporated together with a neural network to perform a task of writing numbers using vision.


Entropy ◽  
2020 ◽  
Vol 22 (5) ◽  
pp. 560
Author(s):  
Shrihari Vasudevan

This paper demonstrates a novel approach to training deep neural networks using a Mutual Information (MI)-driven, decaying Learning Rate (LR), Stochastic Gradient Descent (SGD) algorithm. MI between the output of the neural network and true outcomes is used to adaptively set the LR for the network, in every epoch of the training cycle. This idea is extended to layer-wise setting of LR, as MI naturally provides a layer-wise performance metric. A LR range test determining the operating LR range is also proposed. Experiments compared this approach with popular alternatives such as gradient-based adaptive LR algorithms like Adam, RMSprop, and LARS. Competitive to better accuracy outcomes obtained in competitive to better time, demonstrate the feasibility of the metric and approach.


2005 ◽  
Vol 20 (32) ◽  
pp. 7603-7611 ◽  
Author(s):  
MEILING YU ◽  
KUNSHI ZHANG ◽  
LIANSHOU LIU

The Back-Propagation neural network method is used to identify quark and gluon jets generated by Monte Carlo method. The effects of some factors, such as the architecture of neural network, the input parameters, the training precision and the acceptance cut, on the performance of the neural network are studied in detail. The efficiency and purity of identified quark and gluon jets are calculated for different network architectures. It is found that in order to keep the role of all the input parameters balanced, they have to be scaled to the same order of magnitude. Through the study on how the efficiency and purity of the identified quark- and gluon-jets vary with the training precision and acceptance cut, a guidance for how to choose these two parameters is given.


2013 ◽  
Vol 321-324 ◽  
pp. 2080-2084
Author(s):  
Yong Qin Tao ◽  
Ping Ding Zhang ◽  
Qing Li

Research on a "Granular Evolutionary Neural Network Algorithms (GENNA)" is applied to the complex network. The theory of the granular quotient space is introduced to the neural network. At first input variables of the neural network are granulated to equivalence classes, so that the input variables of the network structure can be simplified, and have certain clustering characteristics and strong diversity, and then the network parameters and the weights are optimized using evolutionary algorithms, so as to avoid the neural network falling into the local extremum. The experimental results show that the algorithm effectively narrows the search space and accelerates the speed of convergence, and that it is feasible and effective.


2012 ◽  
Vol 43 ◽  
pp. 523-570 ◽  
Author(s):  
C. Hernandez ◽  
J. A. Baier

Heuristics used for solving hard real-time search problems have regions with depressions. Such regions are bounded areas of the search space in which the heuristic function is inaccurate compared to the actual cost to reach a solution. Early real-time search algorithms, like LRTA*, easily become trapped in those regions since the heuristic values of their states may need to be updated multiple times, which results in costly solutions. State-of-the-art real-time search algorithms, like LSS-LRTA* or LRTA*(k), improve LRTA*'s mechanism to update the heuristic, resulting in improved performance. Those algorithms, however, do not guide search towards avoiding depressed regions. This paper presents depression avoidance, a simple real-time search principle to guide search towards avoiding states that have been marked as part of a heuristic depression. We propose two ways in which depression avoidance can be implemented: mark-and-avoid and move-to-border. We implement these strategies on top of LSS-LRTA* and RTAA*, producing 4 new real-time heuristic search algorithms: aLSS-LRTA*, daLSS-LRTA*, aRTAA*, and daRTAA*. When the objective is to find a single solution by running the real-time search algorithm once, we show that daLSS-LRTA* and daRTAA* outperform their predecessors sometimes by one order of magnitude. Of the four new algorithms, daRTAA* produces the best solutions given a fixed deadline on the average time allowed per planning episode. We prove all our algorithms have good theoretical properties: in finite search spaces, they find a solution if one exists, and converge to an optimal after a number of trials.


2021 ◽  
Vol 7 ◽  
pp. e693
Author(s):  
Runze Yang ◽  
Teng Long

In recent years, graph convolutional networks (GCNs) have emerged rapidly due to their excellent performance in graph data processing. However, recent research shows that GCNs are vulnerable to adversarial attacks. An attacker can maliciously modify edges or nodes of the graph to mislead the model’s classification of the target nodes, or even cause a degradation of the model’s overall classification performance. In this paper, we first propose a black-box adversarial attack framework based on derivative-free optimization (DFO) to generate graph adversarial examples without using gradient and apply advanced DFO algorithms conveniently. Second, we implement a direct attack algorithm (DFDA) using the Nevergrad library based on the framework. Additionally, we overcome the problem of large search space by redesigning the perturbation vector using constraint size. Finally, we conducted a series of experiments on different datasets and parameters. The results show that DFDA outperforms Nettack in most cases, and it can achieve an average attack success rate of more than 95% on the Cora dataset when perturbing at most eight edges. This demonstrates that our framework can fully exploit the potential of DFO methods in node classification adversarial attacks.

