COAA: combined adversarial attacks for deep model vulnerability exploitation
摘要
Cybersecurity is gaining an expedited evolution due to artificial intelligence which points out the critical need to evaluate the vulnerabilities of deep learning models against adversarial attacks. This work presents a novel idea of “CoAA” (Combined Adversial Attack) which focuses on the attacking mechanisms rather than the defensive mechanism of Machine Learning models to identify the critical weaknesses of these models. This study comprehensively evaluated the effectiveness of various adversarial attack methods such as FGSM, PGD, HSJA, CW, and ZOO, individually and in combination, on deep learning models trained on the CIFAR-10 dataset. Our findings reveal that while individual attacks like HSJA and FGSM effectively degrade model performance, combining multiple attacks significantly amplifies the adversarial impact, leading to a higher reduction in model accuracy and confidence with minimal perturbations. CW + ZOO emerges as the best algorithm due to its ability to achieve the highest F1 Scores and significantly reduce adversarial accuracy, particularly excelling at smaller batch sizes. For adversarial attacks, batch size 8 is the most effective, favoring high-impact attacks like CW + ZOO. However, hybrid strategies like ZOO + FGSM performed optimally at batch size 32, balancing robustness and efficiency across metrics. Overall, batch size 8 yielded the best results and the “CoAA” strategy CW + ZOO performed the best among all the techniques. The experiments assess adversarial robustness using key metrics such as F1 Score, adversarial accuracy, L2 error and attack time. These results demonstrate the enhanced impact of dual-attack strategies, balancing attack effectiveness with resource efficiency.