Mathematical Analysis of Adversarial Attacks
In this paper, we analyze the efficacy of the fast gradient sign method (FGSM) and the Carlini-Wagner L2 (CW-L2) attack. We prove that, within a certain regime, the untargeted FGSM can fool any convolutional neural network (CNN) with ReLU activation, and that the targeted FGSM can mislead any CNN with ReLU activation into classifying any given image as any prescribed class. For a special two-layer neural network, a linear layer followed by the softmax output activation, we show that the CW-L2 attack increases the ratio of the classification probability between the target and ground-truth classes. Moreover, we provide numerical results that verify all of our theoretical results.
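As a concrete illustration of the first attack analyzed in the abstract, below is a minimal PyTorch sketch of the one-step FGSM in both its untargeted and targeted forms. The function name `fgsm`, the step size `eps`, and the assumption that `model` maps [0,1]-valued image tensors to logits are ours for illustration; this is not the paper's code.

```python
import torch
import torch.nn.functional as F

def fgsm(model, x, y, eps, targeted=False):
    """One-step fast gradient sign method (Goodfellow et al., 2015).

    Untargeted (targeted=False): y is the ground-truth label; the
    perturbation ascends the loss, pushing the prediction away from y.
    Targeted (targeted=True): y is the prescribed target class; the
    perturbation descends the loss, pushing the prediction toward y.
    """
    x_adv = x.clone().detach().requires_grad_(True)
    loss = F.cross_entropy(model(x_adv), y)
    loss.backward()
    # The sign of the input gradient is the optimal direction under
    # an L-infinity budget of size eps.
    step = eps * x_adv.grad.sign()
    x_adv = x_adv - step if targeted else x_adv + step
    return x_adv.clamp(0.0, 1.0).detach()
```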
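For reference, the CW-L2 attack discussed in the abstract solves, in Carlini and Wagner's standard formulation (the notation here follows their paper, not necessarily this one):

$$\min_{\delta}\ \|\delta\|_2^2 + c \cdot f(x+\delta), \qquad f(x') = \max\Bigl(\max_{i \neq t} Z(x')_i - Z(x')_t,\ -\kappa\Bigr),$$

where $Z(x')$ are the logits, $t$ is the target class, $c > 0$ trades off distortion against attack strength, and $\kappa \ge 0$ is a confidence margin. Since the softmax gives $p_t / p_y = \exp\bigl(Z(x')_t - Z(x')_y\bigr)$, driving $f$ down (i.e., raising the target logit relative to the others) directly increases the probability ratio between the target and ground-truth classes, which is the quantity the abstract's two-layer result concerns.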