Options
Efficient Hit-Spectrum-Guided Fast Gradient Sign Method: An Adjustable Approach with Memory and Runtime Optimizations
Publikationstyp
Conference Paper
Date Issued
2025
Sprache
English
Author(s)
Rashedi, Daniel
Start Page
51
End Page
62
Citation
20th International Conference on Software Technologies 2025
Contribution to Conference
Publisher DOI
Publisher
SCITEPRESS - Science and Technology Publications
Fast Gradient Sign Method (FGSM) is an effective method for generating adversarial inputs for neural networks, but it is memory-intensive. DeepFault reduces the memory costs of FGSM by transferring Spectrum-Based Fault Localization to neural networks. SBFL is a technique traditionally using the execution trace of a program to identify suspicious code locations that are likely to contain faults. DeepFault employs SBFL to identify neurons in a neural network that are likely to be responsible for misclassifications to guide FGSM. We propose an adjustable hit-spectrum-guided FGSM approach applying a sub-model strategy to avoid gradient ascent evaluation over the entire model. Additionally, we alter DeepFault’s hit-spectrum computation to be vector-based to allow parallelization of computation, and we modify the hit spectrum to depend on a specific class to allow targeted adversarial input generation. We conduct an experimental evaluation on image classification models showing how our app roach allows trading off effectiveness of adversarial input generation with reduced runtimes while maintaining scalability regarding larger models, with maximum runtimes on the order of tens of seconds. For larger sample sizes, our approach reduces runtimes to fractions of 1/300 and less compared to DeepFault. When processing larger models, it requires only one-third of FGSM’s memory usage.
DDC Class
600: Technology