International Journal of Computational Intelligence Systems

Volume 14, Issue 1, 2021, Pages 1934 - 1947

A Multimodal Adversarial Attack Framework Based on Local and Random Search Algorithms

Authors
Zibo Yi*, ORCID, Jie Yu, Yusong Tan, Qingbo Wu
College of Computer, National University of Defense Technology, No. 109, Deya Road, Kaifu District Changsha, Hunan Province, China
*Corresponding author. Email: yizibo14@nudt.edu.cn
Corresponding Author
Zibo Yi
Received 29 July 2020, Accepted 22 June 2021, Available Online 5 July 2021.
DOI
https://doi.org/10.2991/ijcis.d.210624.001How to use a DOI?
Keywords
Adversarial attack, Multimodal applications, Adversarial image, Adversarial text, Local search, Random search
Abstract

Although many problems in computer vision and natural language processing have made breakthrough progress with neural networks, adversarial attack is a serious potential problem in many neural network- based applications. Attackers can mislead classifiers with slightly perturbed examples, which are called adversarial examples. As the existing adversarial attacks are specific to application and have difficulty in general usage, we propose a multimodal adversarial attack framework to attack both text and image classifiers. The proposed framework firstly generates candidate set to find the substitution words or pixels and generate candidate adversarial examples. Secondly, the framework updates candidate set and search adversarial examples with three local or random search methods [beam search, genetic algorithm (GA) search, particle swarm optimization (PSO) search]. The experiments demonstrate that the proposed framework effectively generates image and text adversarial examples. Comparing the proposed methods with other image adversarial attacks in MNIST dataset, the PSO search in the framework has 98.4% attack success rate which outperforms other methods. Besides, the beam search has the best attack efficiency and human imperception in both MNIST and CIFAR-10 dataset. Comparing with other text adversarial attacks, the beam search in the framework has an attack success rate of 91.5%, which outperforms other existing and the proposed search methods. In attack efficiency, the beam search also outperforms other methods, meaning that we can craft text adversarial examples with less perturbation using beam search.

Copyright
© 2021 The Authors. Published by Atlantis Press B.V.
Open Access
This is an open access article distributed under the CC BY-NC 4.0 license (http://creativecommons.org/licenses/by-nc/4.0/).

Download article (PDF)
View full text (HTML)

Journal
International Journal of Computational Intelligence Systems
Volume-Issue
14 - 1
Pages
1934 - 1947
Publication Date
2021/07/05
ISSN (Online)
1875-6883
ISSN (Print)
1875-6891
DOI
https://doi.org/10.2991/ijcis.d.210624.001How to use a DOI?
Copyright
© 2021 The Authors. Published by Atlantis Press B.V.
Open Access
This is an open access article distributed under the CC BY-NC 4.0 license (http://creativecommons.org/licenses/by-nc/4.0/).

Cite this article

TY  - JOUR
AU  - Zibo Yi
AU  - Jie Yu
AU  - Yusong Tan
AU  - Qingbo Wu
PY  - 2021
DA  - 2021/07/05
TI  - A Multimodal Adversarial Attack Framework Based on Local and Random Search Algorithms
JO  - International Journal of Computational Intelligence Systems
SP  - 1934
EP  - 1947
VL  - 14
IS  - 1
SN  - 1875-6883
UR  - https://doi.org/10.2991/ijcis.d.210624.001
DO  - https://doi.org/10.2991/ijcis.d.210624.001
ID  - Yi2021
ER  -