Abstract
Although deep convolutional neural network (CNN) performs well in many computer vision tasks, its classification mechanism is very vulnerable when it is exposed to the perturbation of adversarial attacks. In this paper, we proposed a new algorithm to generate the substitute model of black-box CNN models by using knowledge distillation. The proposed algorithm distills multiple CNN teacher models to a compact student model as the substitution of other black-box CNN models to be attacked. The black-box adversarial samples can be consequently generated on this substitute model by using various white-box attacking methods. According to our experiments on ResNet18 and DenseNet121, our algorithm boosts the attacking success rate (ASR) by 20% by training the substitute model based on knowledge distillation.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of IEEE International Conference on Image Processing, September 25-28, 2020, Virtual Conference, Abu Dhabi, United Arab Emirates |
| Publisher | IEEE |
| Pages | 648-652 |
| Number of pages | 5 |
| ISBN (Print) | 9781728163956 |
| DOIs | |
| Publication status | Published - Oct 2020 |
| Event | International Conference on Image Processing - Duration: 25 Sept 2020 → … |
Publication series
| Name | |
|---|---|
| ISSN (Print) | 1522-4880 |
Conference
| Conference | International Conference on Image Processing |
|---|---|
| Period | 25/09/20 → … |
Bibliographical note
Publisher Copyright:© 2020 IEEE.