Deep neural networks (DNNs) are vulnerable to adversarial examples obtained by adding small perturbations to original examples. The added perturbations in existing attacks are mainly determined by the gradient of the loss function with respect to the inputs. In this paper, the close relationship between gradient-based attacks and the numerical methods for solving ordinary differential equation (ODE) is studied for the first time. Inspired by the numerical solution of ODE, a new prediction-correction (PC) based adversarial attack is proposed. In our proposed PC-based attack, some existing attack can be selected to produce a predicted example first, and then the predicted example and the current example are combined together to determine the added perturbations. The proposed method possesses good extensibility and can be applied to all available gradient-based attacks easily. Extensive experiments demonstrate that compared with the state-of-the-art gradient-based adversarial attacks, our proposed PC-based attacks have higher attack success rates, and exhibit better transferability.

翻译：深度神经网络（DNNs）易受到对抗样本的攻击，这些对抗样本通过在原始样本上添加微小扰动而获得。现有攻击中添加的扰动主要取决于损失函数相对于输入的梯度。本文首次研究了基于梯度的攻击与求解常微分方程（ODE）数值方法之间的密切关系。受ODE数值解的启发，提出了一种新的基于预测-校正（PC）的对抗攻击。在我们提出的基于PC的攻击中，可先选取现有攻击生成预测样本，然后将预测样本与当前样本相结合以确定添加的扰动。该方法具有良好的扩展性，可轻松应用于所有现有的基于梯度的攻击。大量实验表明，与最先进的基于梯度的对抗攻击相比，我们提出的基于PC的攻击具有更高的攻击成功率，并展现出更好的迁移性。