The widespread application of deep neural network (DNN) techniques is being challenged by adversarial examples, the legitimate input added with imperceptible and well-designed perturbations that can fool DNNs easily in the DNN testing/deploying stage. Previous adversarial example generation algorithms for adversarial white-box attacks used Jacobian gradient information to add perturbations. This information is too imprecise and inexplicit, which will cause unnecessary perturbations when generating adversarial examples. This paper aims to address this issue. We first propose to apply a more informative and distilled gradient information, namely integrated gradient, to generate adversarial examples. To further make the perturbations more imperceptible, we propose to employ the restriction combination of $L_0$ and $L_1/L_2$ secondly, which can restrict the total perturbations and perturbation points simultaneously. Meanwhile, to address the non-differentiable problem of $L_1$, we explore a proximal operation of $L_1$ thirdly. Based on these three works, we propose two Integrated gradient based White-box Adversarial example generation algorithms (IWA): IFPA and IUA. IFPA is suitable for situations where there are a determined number of points to be perturbed. IUA is suitable for situations where no perturbation point number is preset in order to obtain more adversarial examples. We verify the effectiveness of the proposed algorithms on both structured and unstructured datasets, and we compare them with five baseline generation algorithms. The results show that our proposed algorithms do craft adversarial examples with more imperceptible perturbations and satisfactory crafting rate. $L_2$ restriction is more suitable for unstructured dataset and $L_1$ restriction performs better in structured dataset.

翻译：深心神经网络(DNN)技术的广泛应用正受到对抗性实例的挑战,这种合法投入以不易察觉和精心设计的扰动方式添加,可以在 DNN 测试/部署阶段轻易愚弄 DNN 测试/配置阶段轻易愚弄 DNN 。 先前的对抗性白箱攻击的对抗性样生成算法使用 Jacobian 梯度信息来增加扰动。 这种信息太不精确和不清晰, 产生对抗性实例时会造成不必要的扰动。 本文旨在解决这一问题。 我们首先提议应用一个信息更丰富和蒸馏的梯度信息, 即集成的梯度, 即集成的梯度, 以生成对抗性示例。 我们提议使用两个基于 $0 和 $1 美元 和 $ 2 的限制组合, 这可以同时限制总振动的振动和扰动点 。 我们提议在 I 设置 电路面 和 Ralder 数据 中, 将两个基于 白床 的 基 和 亚 结构 的 Ral- dal- dal 进行不易的 的 数据 。