Substitute model generation for black-box adversarial attack based on knowledge distillation

Weiyu Cui, Xiaorui Li, Jiawei Huang, Wenyi Wang, Shuai Wang, Jianwen Chen

Research output: Chapter in Book / Conference Paper › Conference Paper › peer-review

14 Citations (Scopus)

Abstract

Although deep convolutional neural network (CNN) performs well in many computer vision tasks, its classification mechanism is very vulnerable when it is exposed to the perturbation of adversarial attacks. In this paper, we proposed a new algorithm to generate the substitute model of black-box CNN models by using knowledge distillation. The proposed algorithm distills multiple CNN teacher models to a compact student model as the substitution of other black-box CNN models to be attacked. The black-box adversarial samples can be consequently generated on this substitute model by using various white-box attacking methods. According to our experiments on ResNet18 and DenseNet121, our algorithm boosts the attacking success rate (ASR) by 20% by training the substitute model based on knowledge distillation.

Original language: English
Title of host publication: Proceedings of IEEE International Conference on Image Processing, September 25-28, 2020, Virtual Conference, Abu Dhabi, United Arab Emirates
Publisher: IEEE
Pages: 648-652
Number of pages: 5
ISBN (Print): 9781728163956
Publication status: Published - 2020
Event: International Conference on Image Processing
Duration: 25 Sept 2020 → …

Publication series

ISSN (Print): 1522-4880

Conference

Conference: International Conference on Image Processing
Period: 25/09/20 → …
