This paper proposes Evolutionary Multi-objective Optimization (EMO)-based Adversarial Example (AE) design method that performs under black-box setting. Previous gradient-based methods produce AEs by changing all pixels of a target image, while previous EC-based method changes small number of pixels to produce AEs. Thanks to EMO's property of population based-search, the proposed method produces various types of AEs involving ones locating between AEs generated by the previous two approaches, which helps to know the characteristics of a target model or to know unknown attack patterns. Experimental results showed the potential of the proposed method, e.g., it can generate robust AEs and, with the aid of DCT-based perturbation pattern generation, AEs for high resolution images.
@article{arxiv.2001.05844,
title = {Adversarial Example Generation using Evolutionary Multi-objective Optimization},
author = {Takahiro Suzuki and Shingo Takeshita and Satoshi Ono},
journal= {arXiv preprint arXiv:2001.05844},
year = {2024}
}