Adversarial Attack Against Convolutional Neural Network via Gradient Approximation

At present, convolutional neural networks (CNNs) have become an essential method for image recognition tasks, owing to their remarkable accuracy and efficiency. However, the susceptibility of convolutional neural networks to adversarial attacks, where slight, indiscernible alterations to input images can lead to misclassifications, poses significant security concerns. This work proposes a novel adversarial attack strategy against convolutional neural networks through the approximation of gradients, which was previously constrained by the opaqueness of gradient information within deep learning models. Specifically, our approach leverages a sophisticated optimization algorithm to approximate the gradient direction and magnitude, which can assist the generation of adversarial samples even in scenarios where direct access to the model's gradients is unavailable. From our extensive experiments, we can observe that our proposed model can significantly reduce the classification accuracy and maintain the perceptual indistinguishability of adversarial samples from their original counterparts.