Sie befinden Sich nicht im Netzwerk der Universität Paderborn. Der Zugriff auf elektronische Ressourcen ist gegebenenfalls nur via VPN oder Shibboleth (DFN-AAI) möglich. mehr Informationen...
In the big data era, Deep Neural Networks (DNNs) have been being applied to many learning tasks. However, they are demonstrated to be vulnerable to adversarial examples, which are crafted by adding imperceptible adversarial perturbation to the corresponding legitimate example. Although there are couples of adversarial attack methods that have been proposed, few attack methods focus on investigating the lower bound of the adversarial perturbation. Present optimization-based attacks have many super-parameters and high time complexity. In this paper, a novel attack method is proposed to evaluate the robustness of DNNs. Our method aims to explore the lower bound of the adversarial perturbation, and it can dynamically adjust part of super-parameters. Moreover, the lower bound of the adversarial perturbation can be employed to measure the gap of the inter-class distance, which can improve the interpretability of DNNs. Experimental results show that our method achieves the smallest perturbation under l_p norm metric, compared to some state-of-the-art attack methods.