Homotopy-Enhanced Sparse Adversarial Attacks: Combining Stochastic Zero-Order Optimization and Minimax Concave Penalty (SZOMCP)

Date of Award

4-30-2024

Document Type

Thesis

Degree Name

Master of Science in Machine Learning

Department

Machine Learning

First Advisor

Dr. Bin Gu

Second Advisor

Dr. Martin Takac

Abstract

Adversarial attacks on deep neural networks (DNNs) exploit vulnerabilities in these models to cause misclassification by introducing carefully crafted perturbations to the input data. Beyond exploiting these vulnerabilities, they raise significant security concerns, especially in critical applications such as autonomous driving, medical imaging analysis, and facial recognition systems. This thesis proposes employing a homotopy algorithm together with zero-order optimization methods, specifically stochastic zeroth-order gradient hard thresholding (SZOHT), to produce adversarial images in the black-box scenario. The homotopy attack starts with all pixels allowed to be perturbed and gradually reduces the number of pixels that can be altered until the attack fails or reaches one pixel. In addition, we propose using the minimax concave penalty in place of hard thresholding (SZOMCP), as it has superior properties that enable it to generate sparse solutions: refined control over the perturbation process, adaptivity to the strength of perturbations, and less bias in retaining large perturbations. We also show visualizations of the homotopy attack progression, offering insight into the underlying process by which the attack generates adversarial images. The key findings show that the homotopy attack can effectively generate sparse adversarial images. Moreover, the SZOMCP attacks generate sparser adversarial images than the SZOHT attacks, supporting our hypothesis. Finally, we show the visualizations of the homotopy attacks in the results section.

Comments

Thesis submitted to the Deanship of Graduate and Postdoctoral Studies

In partial fulfilment of the requirements for the M.Sc degree in Machine Learning

Advisors: Bin Gu, Dr. Martin Takac

Online access available for MBZUAI patrons
