Generating Multi-label Adversarial Examples by Linear Programming

Deep neural networks (DNNs) are used in various domains, such as image classification, natural language processing and face recognition, etc. However, the presence of malicious examples, generated by specific methods, could result in DNNs misclassification. Such maliciously modified examples are called adversarial examples. So far, most work about adversarial examples mainly focuses on the multi-class classification tasks, and only a little work has been done in the field of multi-label classification.In this study, we have proposed a novel algorithm that generates effective multi-label adversarial examples by solving a linear programming problem (MLA-LP). We minimize the l ∞ norm of distortion while constraining the changes in the label loss of the example after being perturbed. Then, we transform this constrained optimization problem into a linear programming problem for reducing the time cost. In comparison to the existing multi-label classification model attack algorithms, the attack performance of the proposed MLA-LP is found to be competitive, and the adversarial examples generated by MLA-LP have significantly smaller distortions.