Homotopy-Enhanced Sparse Adversarial Attacks: Combining Stochastic Zero-Order Optimization and Minimax Concave Penalty (SZOMCP)

Aljaberi, Jamal
Department
Machine Learning
Embargo End Date
2024-01-01
Type
Thesis
Date
2024
Language
English
Collections
Research Projects
Abstract
Adversarial attacks on deep neural networks (DNNs) exploit vulnerabilities in these models to cause misclassification by introducing carefully crafted perturbations to the input data. Adversarial attacks not only exploit the vulnerabilities of DNNs but also raise significant security concerns, especially in critical applications like autonomous driving, medical imaging analysis, and facial recognition systems. This thesis proposed employing a homotopy algorithm and zero-order optimization methods, specifically stochastic zeroth-order gradient hard thresholding (SZOHT), to produce adversarial images in the black-box scenario. The homotopy attack starts with all pixels allowed to be perturbed and gradually reduces the number of pixels that can be altered until the attack fails or reaches one pixel. In addition, we proposed utilizing the Minimax Concave Penalty in place of hard thresholding (SZOMCP), as it has superior properties that enable it to generate sparse solutions due to its refined control over the perturbation process, adaptivity to the strength of perturbations, and less bias in retaining large perturbations. We also show visualizations of the homotopy attack progression, offering an exciting insight into the underlying processes by which the attack generates adversarial images. The key findings show that the homotopy attack can effectively generate sparse adversarial images. Moreover, the SZOMCP attacks can generate sparser adversarial images than the SZOHT attacks, supporting our hypothesis. Finally, we show the visualizations of the homotopy attacks in the results section.
Citation
J. Aljaberi, "Homotopy-Enhanced Sparse Adversarial Attacks: Combining Stochastic Zero-Order Optimization and Minimax Concave Penalty (SZOMCP)," M.S. thesis, Machine Learning, MBZUAI, Abu Dhabi, UAE, 2024.