Adversarial attack on neural networks has become an important problem restricting its security applications, and among adversarial attacks oriented towards the sample set, the universal perturbation design causing most sample output errors is critical to the study. This paper takes the neural network for image classification as the research object, summarizes the existing universal perturbation generation algorithm, proposes a universal perturbation generation algorithm combining batch stochastic gradient rise and spherical projection search, achieves loss function reduction through the iterative training of stochastic gradient rise in batch samples, and limits the universal perturbation search to a high-dimensional sphere with radius ε to reduce the search space of universal perturbation. Moreover, the regularized technology is introduced to improve the generation quality of universal perturbations. The experimental results show that compared with the baseline algorithm, the attack success rate increases by more than 10%, the solution efficiency of universal perturbation is improved by one order of magnitude, and the quality controllability of universal perturbation is better.

中文翻译：

---

一种基于球面投影的通用对抗攻击方法

对神经网络的对抗性攻击已成为制约其安全应用的重要问题，在面向样本集的对抗性攻击中，导致大多数样本输出错误的通用扰动设计对研究至关重要。本文以用于图像分类的神经网络为研究对象，总结了现有的通用扰动生成算法，提出了一种结合批量随机梯度上升和球面投影搜索的通用扰动生成算法，通过随机梯度上升的迭代训练实现损失函数降低。在批量样本中，并将通用扰动搜索限制为具有半径的高维球体ε以减少普遍扰动的搜索空间。此外，引入正则化技术以提高通用扰动的生成质量。实验结果表明，与baseline算法相比，攻击成功率提高了10%以上，通用扰动的求解效率提高了一个数量级，通用扰动的质量可控性更好。