Adversarial Example Generation using Evolutionary Multi-objective Optimization
Takahiro Suzuki, Shingo Takeshita, Satoshi Ono
TL;DR
This work tackles black-box adversarial example generation by formulating AE design as a multi-objective optimization problem that does not require gradient information. It leverages Evolutionary Multi-objective Optimization, specifically MOEA/D, to produce a Pareto front of AEs trading off misclassification probability and perturbation magnitude, and extends to high-resolution images via a DCT-based perturbation scheme. Key contributions include the first EMO-based design for AEs, robust AEs that account for transformation-induced variability, and demonstration on CIFAR-10 and ImageNet-1000 with both direct and DCT-based perturbations. The approach yields diverse attack patterns and deepens understanding of model vulnerabilities, offering a flexible framework for adversarial analysis and defense development in black-box settings.
Abstract
This paper proposes an Evolutionary Multi-objective Optimization (EMO)-based Adversarial Example (AE) design method that operates in a black-box setting. Previous gradient-based methods produce AEs by changing all pixels of a target image, while the previous EC-based method changes a small number of pixels to produce AEs. Thanks to EMO's population-based search, the proposed method produces various types of AEs, including ones lying between the AEs generated by the previous two approaches, which helps to understand the characteristics of a target model or to reveal unknown attack patterns. Experimental results showed the potential of the proposed method; e.g., it can generate robust AEs and, with the aid of DCT-based perturbation pattern generation, AEs for high-resolution images.
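The two-objective formulation described above can be used as a robustness measurement: the Pareto front shows how much change a model tolerates at each confidence level. The following is an added example, not the paper's code. It uses a plain non-dominated archive search rather than MOEA/D, and the toy linear model, its weights, the input and all function names are constructed assumptions.

```python
import math
import random

# Constructed stand-in for a black-box classifier: the search only calls query().
W = [0.9, -0.4, 0.7, 0.2, -0.8, 0.5, 0.3, -0.6]   # hidden weights (constructed)
X0 = [0.5, 0.1, 0.6, 0.4, 0.2, 0.7, 0.5, 0.3]     # constructed input, true class 1

def query(x):
    """True-class probability returned by the model; no gradients are exposed."""
    return 1.0 / (1.0 + math.exp(-4.0 * sum(w * v for w, v in zip(W, x))))

def objectives(delta):
    """(true-class probability, L2 norm of the applied change); both minimized."""
    x = [min(1.0, max(0.0, a + d)) for a, d in zip(X0, delta)]
    return (query(x), math.sqrt(sum((v - a) ** 2 for v, a in zip(x, X0))))

def dominates(f, g):
    """f is no worse than g in every objective and differs in at least one."""
    return f != g and all(p <= q for p, q in zip(f, g))

def insert(archive, delta):
    """Keep the archive mutually non-dominated after offering one candidate."""
    f = objectives(delta)
    if any(g == f or dominates(g, f) for _, g in archive):
        return archive
    return [(d, g) for d, g in archive if not dominates(f, g)] + [(delta, f)]

def pareto_search(generations=2000, seed=0):
    rng = random.Random(seed)
    archive = insert([], [0.0] * len(X0))          # unperturbed input anchors the front
    for _ in range(generations):
        parent, _ = rng.choice(archive)
        child = [d + rng.gauss(0, 0.05) if rng.random() < 0.3 else d for d in parent]
        archive = insert(archive, child)
    return sorted(archive, key=lambda e: e[1][1])  # ascending perturbation norm

def min_norm_to_flip(front, threshold=0.5):
    """Robustness summary: smallest norm on the front that drops below threshold."""
    norms = [f[1] for _, f in front if f[0] < threshold]
    return min(norms) if norms else None

if __name__ == "__main__":
    front = pareto_search()
    print(len(front), "non-dominated points; flip norm:", min_norm_to_flip(front))
```

For this linear toy model the smallest change that can cross the decision boundary is bounded below by the input's margin divided by the weight norm, which gives a sanity check on whatever the search reports.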
