A Novel Multi-Sample Generation Method for Adversarial Attacks

Published: 04 March 2022


Deep learning models are widely used in daily life and bring great convenience, but they are vulnerable to attacks. How to build an attack system with strong generalization ability to test the robustness of deep learning systems is an active research question, and research on black-box attacks is especially challenging. Most current research on black-box attacks assumes that the input dataset is known. In practice, however, detailed information about those datasets is difficult to obtain. To address these challenges, we propose a multi-sample generation model for black-box model attacks, called MsGM. MsGM is composed of three main parts: multi-sample generation, substitute model training, and adversarial sample generation and attack. First, we design a multi-task generation model to learn the distribution of the original dataset. The model first converts an arbitrary signal of a certain distribution into the shared features of the original dataset through deconvolution operations; then, according to different input conditions, multiple identical sub-networks generate the corresponding targeted samples. Second, the generated sample features yield different outputs by querying the black-box model and training the substitute model; these outputs are used to construct different loss functions that optimize and update the generator and the substitute model. Finally, some common white-box attack methods are used to attack the substitute model and generate the corresponding adversarial samples, which are then used to attack the black-box model. We conducted a large number of experiments on the MNIST and CIFAR-10 datasets. The experimental results show that, under the same settings and attack algorithms, MsGM achieves better performance than the baseline models.




Published In

ACM Transactions on Multimedia Computing, Communications, and Applications, Volume 18, Issue 4
November 2022
497 pages
  • Editor: Abdulmotaleb El Saddik


Association for Computing Machinery

New York, NY, United States

Publication History

Published: 04 March 2022
Accepted: 01 December 2021
Revised: 01 December 2021
Received: 01 June 2021
Published in TOMM Volume 18, Issue 4


Author Tags

  1. Black-box attacks
  2. GAN
  3. multi-task
  4. substitute model


  • Research-article
  • Refereed

Funding Sources

  • National Key-Research and Development Program of China
  • Open Fund of Science and Technology on Parallel and Distributed Processing Laboratory
  • Shenzhen Excellent Technological and Innovative Talent Training Foundation
  • Science and Education Joint Project of Natural Science Foundation of Hunan Province
  • Hong Kong Scholars Program


