Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
129 tokens/sec
GPT-4o
28 tokens/sec
Gemini 2.5 Pro Pro
42 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Tensor Train Decomposition for Adversarial Attacks on Computer Vision Models (2312.12556v1)

Published 19 Dec 2023 in math.NA and cs.NA

Abstract: Deep neural networks (DNNs) are widely used today, but they are vulnerable to adversarial attacks. To develop effective methods of defense, it is important to understand the potential weak spots of DNNs. Often attacks are organized taking into account the architecture of models (white-box approach) and based on gradient methods, but for real-world DNNs this approach in most cases is impossible. At the same time, several gradient-free optimization algorithms are used to attack black-box models. However, classical methods are often ineffective in the multidimensional case. To organize black-box attacks for computer vision models, in this work, we propose the use of an optimizer based on the low-rank tensor train (TT) format, which has gained popularity in various practical multidimensional applications in recent years. Combined with the attribution of the target image, which is built by the auxiliary (white-box) model, the TT-based optimization method makes it possible to organize an effective black-box attack by small perturbation of pixels in the target image. The superiority of the proposed approach over three popular baselines is demonstrated for five modern DNNs on the ImageNet dataset.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (38)
  1. Advances in adversarial attacks and defenses in computer vision: A survey. IEEE Access, 9:155161–155196, 2021.
  2. Square attack: a query-efficient black-box adversarial attack via random search. In European conference on computer vision, pages 484–501. Springer, 2020.
  3. PROTES: probabilistic optimization with tensor sampling. In Advances in Neural Information Processing Systems, 2023.
  4. Optimization of chemical mixers design via tensor trains and quantum computing. arXiv preprint, 2304.12307, 2023.
  5. A survey on adversarial attacks and defences. CAAI Transactions on Intelligence Technology, 6(1):25–45, 2021.
  6. Solution of the Fokker–Planck equation by cross approximation method in the tensor train format. Frontiers in Artificial Intelligence, 4:668215, 2021.
  7. Optimization of functions given in the tensor train format. arXiv preprint, 2209.14808, 2022.
  8. Black box approximation in the tensor train format initialized by ANOVA decomposition. SIAM Journal on Scientific Computing, 45(4):A2101–A2118, 2023a.
  9. Translate your gibberish: black-box adversarial attack on machine translation systems. arXiv preprint, 2303.10974, 2023b.
  10. Tensor networks for dimensionality reduction and large-scale optimization: Part 1 low-rank tensor decompositions. Foundations and Trends® in Machine Learning, 9(4-5):249–429, 2016.
  11. Tensor networks for dimensionality reduction and large-scale optimization: Part 2 applications and future perspectives. Foundations and Trends® in Machine Learning, 9(6):431–673, 2017.
  12. Imagenet: A large-scale hierarchical image database. In 2009 IEEE conference on computer vision and pattern recognition, pages 248–255. Ieee, 2009.
  13. Boosting adversarial attacks with momentum. In Proceedings of the IEEE conference on computer vision and pattern recognition, pages 9185–9193, 2018.
  14. Deep residual learning for image recognition. In Proceedings of the IEEE conference on computer vision and pattern recognition, pages 770–778, 2016.
  15. Searching for mobilenetv3. In Proceedings of the IEEE/CVF international conference on computer vision, pages 1314–1324, 2019.
  16. Black-box adversarial attacks with limited queries and information. In International conference on machine learning, pages 2137–2146. PMLR, 2018.
  17. Understanding DDPM latent codes through optimal transport. In 11th International Conference on Learning Representations, ICLR, 2023.
  18. Hoki Kim. Torchattacks: A pytorch repository for adversarial attacks. arXiv preprint, 2010.01950, 2020.
  19. Alex Krizhevsky. One weird trick for parallelizing convolutional neural networks. arXiv preprint, 1404.5997, 2014.
  20. Derivative-free optimization methods. Acta Numerica, 28:287–404, 2019.
  21. Overview of visualization methods for artificial neural networks. Computational Mathematics and Mathematical Physics, 61(5):887–899, 2021.
  22. Protein-protein docking using a tensor train black-box optimization method. arXiv preprint, 2302.03410, 2023.
  23. Are quantum computers practical yet? a case for feature selection in recommender systems using tensor networks. arXiv preprint, 2205.04490, 2022.
  24. Ivan Oseledets. Tensor-train decomposition. SIAM Journal on Scientific Computing, 33(5):2295–2317, 2011.
  25. TT-cross approximation for multidimensional arrays. Linear Algebra and its Applications, 432(1):70–88, 2010.
  26. Black-box solver for multiscale modelling using the QTT format. In Proc. ECCOMAS. Crete Island, Greece, 2016.
  27. Pixle: a fast and effective black-box attack based on rearranging pixels. In 2022 International Joint Conference on Neural Networks (IJCNN), pages 1–7. IEEE, 2022.
  28. Review of artificial intelligence adversarial attack and defense technologies. Applied Sciences, 9(5):909, 2019.
  29. Very deep convolutional networks for large-scale image recognition. arXiv preprint, 1409.1556, 2014.
  30. Deep inside convolutional networks: Visualising image classification models and saliency maps. arXiv preprint, 1312.6034, 2013.
  31. TTOpt: A maximum volume quantized tensor train-based optimization and its application to reinforcement learning. Advances in Neural Information Processing Systems, 35:26052–26065, 2022.
  32. Differential evolution - a simple and efficient heuristic for global optimization over continuous spaces. Journal of global optimization, 11:341–359, 1997.
  33. One pixel attack for fooling deep neural networks. IEEE Transactions on Evolutionary Computation, 23(5):828–841, 2019.
  34. Axiomatic attribution for deep networks. In International conference on machine learning, pages 3319–3328. PMLR, 2017.
  35. Going deeper with convolutions. In Proceedings of the IEEE conference on computer vision and pattern recognition, pages 1–9, 2015.
  36. Rethinking the inception architecture for computer vision. In Proceedings of the IEEE conference on computer vision and pattern recognition, pages 2818–2826, 2016.
  37. Enhancing the transferability of adversarial attacks through variance tuning. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pages 1924–1933, 2021.
  38. A survey on neural network interpretability. IEEE Transactions on Emerging Topics in Computational Intelligence, 5(5):726–742, 2021.

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now
X Twitter Logo Streamline Icon: https://streamlinehq.com

Tweets