Towards Robust Universal Perturbation Attacks: A Float-Coded, Penalty-Driven Evolutionary Approach

TL;DR

This paper presents a novel float-coded, penalty-driven evolutionary method for generating universal adversarial perturbations that are less visible, more effective, and faster to produce across diverse deep neural network models.

Contribution

It introduces a new evolutionary framework with continuous gene representations and adaptive operators, improving the quality and efficiency of universal adversarial perturbations.

Findings

Produces perturbations with smaller norms and higher attack success rates.

Achieves faster convergence compared to existing evolutionary methods.

Demonstrates robustness across multiple deep learning architectures.

Abstract

Universal adversarial perturbations (UAPs) have garnered significant attention due to their ability to undermine deep neural networks across multiple inputs using a single noise pattern. Evolutionary algorithms offer a promising approach to generating such perturbations due to their ability to navigate non-convex, gradient-free landscapes. In this work, we introduce a float-coded, penalty-driven single-objective evolutionary framework for UAP generation that achieves lower visibility perturbations while enhancing attack success rates. Our approach leverages continuous gene representations aligned with contemporary deep learning scales, incorporates dynamic evolutionary operators with adaptive scheduling, and utilizes a modular PyTorch implementation for seamless integration with modern architectures. Additionally, we ensure the universality of the generated perturbations by testing across diverse models and by periodically switching batches to prevent overfitting. Experimental results on the ImageNet dataset demonstrate that our framework consistently produces perturbations with smaller norms, higher misclassification effectiveness, and faster convergence compared to existing evolutionary-based methods. These findings highlight the robustness and scalability of our approach for universal adversarial attacks across various deep learning architectures.