Szczegóły publikacji
Opis bibliograficzny
Improved DeepFool: efficient adversarial attacks via optimisation and refinement / Łukasz MIKOŁAJCZYK, Piotr DUDA, Robert NOWICKI, Rafał SCHERER // W: ISD2025 [Dokument elektroniczny] : [33rd international conference on Information Systems Development] : September 3-5, 2025, Belgrade, Serbia] : empowering the interdisciplinary role of ISD in addressing contemporary issues in digital transformation: how data science and generative AI contributes to ISD? : proceedings / eds. I. Luković, [et al.]. — Wersja do Windows. — Dane tekstowe. — Gdańsk : University of Gdańsk ; Belgrade : University of Belgrade, 2025. — ( Proceedings of the International Conference on Information Systems Development ; ISSN 2938-5202 ). — e-ISBN: 978-83-972632-1-5. — S. [1–11]. — Wymagania systemowe: Adobe Reader. — Tryb dostępu: https://aisel.aisnet.org/cgi/viewcontent.cgi?article=1741&con... [2025-12-04]. — Bibliogr. s. [10–11], Abstr. — Ł. Mikołajczyk, R. Nowicki, R. Scherer - dod. afiliacja: Czestochowa University of Technology Faculty of Computer Science and Artificial Intelligence, Czestochowa, Poland ; Center of Excellence in Artificial Intelligence
Autorzy (4)
Słowa kluczowe
Dane bibliometryczne
| ID BaDAP | 164727 |
|---|---|
| Data dodania do BaDAP | 2025-12-15 |
| DOI | 10.62036/ISD.2025.62 |
| Rok publikacji | 2025 |
| Typ publikacji | materiały konferencyjne (aut.) |
| Otwarty dostęp |  |
| Wydawca | Uniwersytet Gdański |
| Konferencja | International Conference on Information Systems Development 2025 |
| Czasopismo/seria | Proceedings of the International Conference on Information Systems Development |
Abstract
This study addresses the vulnerability of AI systems to adversarial attacks by extending the DeepFool algorithm. The paper proposes four new approaches and evaluates them according to a set of criteria. The methods are inspired by various optimisation algorithms. One of the proposed improvements adds the independent refinement stage, which reduces the final perturbation without extra gradient computations. Experimental results show that an appropriately modified algorithm reaches the decision boundary in fewer steps and with fewer gradient evaluations, while the refinement stage further decreases the magnitude of the perturbation. The combined approach can improve attack efficiency and reduce detectability, suggesting the potential for a wider application of advanced optimisation techniques in adversarial example generation.
