Research on Adversarial Attack Algorithm Based on AI Recognition
DOI:
https://doi.org/10.70695/prtypb17
Keywords:
Deep learning, artificial intelligence, secure image recognition, adversarial samples
Abstract
Deep learning-based artificial intelligence algorithms are widely used in critical areas such as autonomous driving and medical diagnosis. However, the lack of interpretability of deep neural networks results in unpredictable prediction outcomes, posing significant security threats to AI applications and deployments. Adversarial examples are specially designed samples that introduce imperceptible perturbations to the data, causing neural network models to produce confused and erroneous predictions. Therefore, exploring adversarial example generation algorithms and adversarial attack algorithms is crucial for understanding the security of deep neural networks and the interpretability of deep learning models. Existing adversarial example generation algorithms for image recognition still face issues such as low generation efficiency, poor sample quality, and unstable transferability during adversarial attacks. This study proposes a transferable adversarial attack algorithm, HDSAttack, which maps low-dimensional dense information to high-dimensional sparse information to enhance transferability. To address the problem of unstable transferability in existing adversarial attacks, this paper suggests mapping samples from a low-dimensional dense input space to a high-dimensional latent space to expand the search space and obtain more effective information. Additionally, KL divergence is used to enforce sparsity constraints throughout the training process, yielding linearly separable high-dimensional sparse information for efficient information search. Further, an ensemble attack on multiple target networks is conducted to enable the search network to learn more about neural network structures, improving the transferability of adversarial examples. Experimental results show that, compared to traditional hourglass autoencoder structures, the proposed search network structure enhances the transfer attack success rate by 10.39%.