MUTEN: Mutant-Based Ensembles for Boosting Gradient-Based Adversarial Attack

Authors

Hu Q., Guo Y., Cordy M., Papadakis M., Traon Y.L.

Reference

Proceedings - 2023 38th IEEE/ACM International Conference on Automated Software Engineering, ASE 2023, pp. 1708-1712, 2023

Description

Mutation testing (MT) for deep learning (DL) has gained huge attention in the past few years. However, how MT can really help DL is still unclear. In this paper, we introduce one promising direction for the usage of mutants. Specifically, since mutants can be seen as one kind of ensemble model and ensemble models can be used to boost adversarial attacks, we propose MUTEN, which applies the attack on mutants to improve the success rate of well-known attacks against gradient-masking models. Experimental results on MNIST, SVHN, and CIFAR-10 show that MUTEN can increase the success rate of four attacks by up to 45%. Furthermore, experiments on four defense approaches (bit-depth reduction, JPEG compression, defensive distillation, and label smoothing) demonstrate that MUTEN can break the defense models effectively by enhancing the attacks, with a success rate of up to 96%.

Link

doi:10.1109/ASE56229.2023.00042
