TY - GEN
T1 - Effects of Lp-norm Deficits in Quantization Human Perception on Attack Methods
AU - Zhang, Yuanyuan
AU - Du, Yifan
AU - Wang, Yichen
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - The majority of adversarial attack methods aim to enhance the quality of adversarial samples by decreasing the perceived distance between the adversarial samples and the original samples. However, the majority of these methods still accomplish this by restricting the size of the Lp-norm. On the other hand, we discover that the Lp-norm is inconsistent with the perceived similarity based on the literature and experiments. Crucially, we also prove that 'Potential Adversarial Samples' exist. This result suggests that there is still room for improvement in the attack success rate and query efficiency of the current Lp-based attack methods, and the quantity of 'Potential Adversarial Samples' can be utilized as an indicator to assess the attack methods' optimizable space. The discovery also offers a precise course and objective for the optimization of attack methods in the following years. Furthermore, we have derived seven image quality assessment metrics from literature research. We then weigh the benefits and drawbacks of each index against the L2 norm in terms of human perception, and as one of the optimization goals of our next attack strategy, we choose the indexes that most closely match human perception.
AB - The majority of adversarial attack methods aim to enhance the quality of adversarial samples by decreasing the perceived distance between the adversarial samples and the original samples. However, the majority of these methods still accomplish this by restricting the size of the Lp-norm. On the other hand, we discover that the Lp-norm is inconsistent with the perceived similarity based on the literature and experiments. Crucially, we also prove that 'Potential Adversarial Samples' exist. This result suggests that there is still room for improvement in the attack success rate and query efficiency of the current Lp-based attack methods, and the quantity of 'Potential Adversarial Samples' can be utilized as an indicator to assess the attack methods' optimizable space. The discovery also offers a precise course and objective for the optimization of attack methods in the following years. Furthermore, we have derived seven image quality assessment metrics from literature research. We then weigh the benefits and drawbacks of each index against the L2 norm in terms of human perception, and as one of the optimization goals of our next attack strategy, we choose the indexes that most closely match human perception.
KW - Adversarial Attack
KW - Perceived Similarity
KW - Potential Adversarial Samples
KW - component
KW - norm
UR - https://www.scopus.com/pages/publications/85209811285
U2 - 10.1109/QRS-C63300.2024.00084
DO - 10.1109/QRS-C63300.2024.00084
M3 - 会议稿件
AN - SCOPUS:85209811285
T3 - Proceedings - 2024 IEEE 24th International Conference on Software Quality, Reliability and Security Companion, QRS-C 2024
SP - 625
EP - 632
BT - Proceedings - 2024 IEEE 24th International Conference on Software Quality, Reliability and Security Companion, QRS-C 2024
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 24th IEEE International Conference on Software Quality, Reliability and Security Companion, QRS-C 2024
Y2 - 1 July 2024 through 5 July 2024
ER -