MUTEN: Mutant-Based Ensembles for Boosting Gradient-Based Adversarial Attack

Mutation testing (MT) for deep learning (DL) has gained huge attention in the past few years. However, how MT can really help DL is still unclear. In this paper, we introduce one promising direction for the usage of mutants. Specifically, since mutants can be seen as one kind of ensemble model and e...

Full description

Saved in:

Bibliographic Details
Published in:	IEEE/ACM International Conference on Automated Software Engineering : [proceedings] pp. 1708 - 1712
Main Authors:	Hu, Qiang, Guo, Yuejun, Cordy, Maxime, Papadakis, Mike, Traon, Yves Le
Format:	Conference Proceeding
Language:	English
Published:	IEEE 11.09.2023
Subjects:	Boosting Deep learning Smoothing methods Software engineering Testing Transform coding
ISSN:	2643-1572
Online Access:	Get full text
Tags:	Add Tag No Tags, Be the first to tag this record!

Abstract	Mutation testing (MT) for deep learning (DL) has gained huge attention in the past few years. However, how MT can really help DL is still unclear. In this paper, we introduce one promising direction for the usage of mutants. Specifically, since mutants can be seen as one kind of ensemble model and ensemble model can be used to boost the adversarial attack, we propose MUTEN, which applies the attack on mutants to improve the success rate of well-known attacks against gradient-masking models. Experimental results on MNIST, SVHN, and CIFAR-10 show that MUTEN can increase the success rate of four attacks by up to 45%. Furthermore, experiments on four defense approaches, bit-depth reduction, JPEG compression, Defensive distillation, and Label smoothing, demonstrate that MUTEN can break the defense models effectively by enhancing the attacks with the success rate of up to 96%.
AbstractList	Mutation testing (MT) for deep learning (DL) has gained huge attention in the past few years. However, how MT can really help DL is still unclear. In this paper, we introduce one promising direction for the usage of mutants. Specifically, since mutants can be seen as one kind of ensemble model and ensemble model can be used to boost the adversarial attack, we propose MUTEN, which applies the attack on mutants to improve the success rate of well-known attacks against gradient-masking models. Experimental results on MNIST, SVHN, and CIFAR-10 show that MUTEN can increase the success rate of four attacks by up to 45%. Furthermore, experiments on four defense approaches, bit-depth reduction, JPEG compression, Defensive distillation, and Label smoothing, demonstrate that MUTEN can break the defense models effectively by enhancing the attacks with the success rate of up to 96%.
Author	Traon, Yves Le Guo, Yuejun Cordy, Maxime Papadakis, Mike Hu, Qiang
Author_xml	– sequence: 1 givenname: Qiang surname: Hu fullname: Hu, Qiang organization: University of Luxembourg,Luxembourg – sequence: 2 givenname: Yuejun surname: Guo fullname: Guo, Yuejun organization: Luxembourg Institute of Science and Technology,Luxembourg – sequence: 3 givenname: Maxime surname: Cordy fullname: Cordy, Maxime organization: University of Luxembourg,Luxembourg – sequence: 4 givenname: Mike surname: Papadakis fullname: Papadakis, Mike organization: University of Luxembourg,Luxembourg – sequence: 5 givenname: Yves Le surname: Traon fullname: Traon, Yves Le organization: University of Luxembourg,Luxembourg
BookMark	eNo9j81Kw0AURkdRsK19Al3MCyRO7vwk4y4tsQqpLmzX5WZyI9E2kZlR6NurKK4-DhwOfFN2NowDMXaViTTLhL0pnyttAGwKAmQqhFBwwuY2t4XUQoK1Rp2yCRglk0zncMGmIbwKob8hn7B6vd1Uj7d8_RFxiMkCA7W8GgIdmj0F3o2eL8YxxH544SuPbU__Vtl-kg_oe9zzMkZ0b5fsvMN9oPnfztj2rtos75P6afWwLOsEoVAxMY02DoxwLWGGRKCUNq2yoDXJ3GhtXdMVjpwD54pGo7LO2s50rcw7K42csevfbk9Eu3ffH9Afd5mAn8-5_ALyOU-6
CODEN	IEEPAD
ContentType	Conference Proceeding
DBID	6IE 6IL CBEJK RIE RIL
DOI	10.1109/ASE56229.2023.00042
DatabaseName	IEEE Electronic Library (IEL) Conference Proceedings IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP All) 1998-Present
DatabaseTitleList
Database_xml	– sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher
DeliveryMethod	fulltext_linktorsrc
Discipline	Computer Science
EISBN	9798350329964
EISSN	2643-1572
EndPage	1712
ExternalDocumentID	10298357
Genre	orig-research
GroupedDBID	6IE 6IF 6IH 6IK 6IL 6IM 6IN 6J9 AAJGR AAWTH ABLEC ACREN ADYOE ADZIZ AFYQB ALMA_UNASSIGNED_HOLDINGS AMTXH BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK CHZPO IEGSK IPLJI M43 OCL RIE RIL
ID	FETCH-LOGICAL-a284t-6b56c260cdea1aee24456d49255e376559cbf8cecc2cc8b5a49c99f6fd37f9363
IEDL.DBID	RIE
ISICitedReferencesCount	2
ISICitedReferencesURI	http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=001103357200139&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
IngestDate	Wed Aug 27 02:32:41 EDT 2025
IsPeerReviewed	false
IsScholarly	true
Language	English
LinkModel	DirectLink
MergedId	FETCHMERGED-LOGICAL-a284t-6b56c260cdea1aee24456d49255e376559cbf8cecc2cc8b5a49c99f6fd37f9363
PageCount	5
ParticipantIDs	ieee_primary_10298357
PublicationCentury	2000
PublicationDate	2023-Sept.-11
PublicationDateYYYYMMDD	2023-09-11
PublicationDate_xml	– month: 09 year: 2023 text: 2023-Sept.-11 day: 11
PublicationDecade	2020
PublicationTitle	IEEE/ACM International Conference on Automated Software Engineering : [proceedings]
PublicationTitleAbbrev	ASE
PublicationYear	2023
Publisher	IEEE
Publisher_xml	– name: IEEE
SSID	ssj0051577 ssib057256115
Score	2.2652326
Snippet	Mutation testing (MT) for deep learning (DL) has gained huge attention in the past few years. However, how MT can really help DL is still unclear. In this...
SourceID	ieee
SourceType	Publisher
StartPage	1708
SubjectTerms	Boosting Deep learning Smoothing methods Software engineering Testing Transform coding
Title	MUTEN: Mutant-Based Ensembles for Boosting Gradient-Based Adversarial Attack
URI	https://ieeexplore.ieee.org/document/10298357
WOSCitedRecordID	wos001103357200139&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
hasFullText	1
inHoldings	1
isFullTextHit
isPrint
link	http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV07T8MwELZoxcBUHkW85YE1EOfhB1uLAgy0qkQrdats5yIhoEFNyu_n7CZFDAxsURRZkc_2d5d8332EXCfAwsIRHLhNTJBIZgNT-K77ymitAU9A6c0mxHgs53M1acTqXgsDAJ58Bjfu0v_Lz0u7dp_KcIdHCjMG0SEdIfhGrNUunlQgeDO2zX0Rp4Vo2gyxUN0OXjKE-shpU6LY9-iMfhmqeDx56P3zTfZJ_0eZRydbzDkgO7A8JL3WmoE2O_WIPI9m02x8R0dr5xIcDBGrcpotK_gw71BRzFTpsCwrx3mmjytP-2qf8hbNlXYLkw7qWtu3Ppk9ZNP7p6AxTgg0ok0dcJNyi4WKzUEzDYAQnvLctSFMAQ8ULCKsKaTF6EXWSpPqRFmlCl7ksShUzONj0l2WSzghFMeLsN4OmTY2YVJIE8em4DqEUEuQ7JT03ewsPje9MRbtxJz9cf-c7LkAOMYFYxekW6_WcEl27Vf9Wq2ufES_AQWboDY
linkProvider	IEEE
linkToHtml	http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV3LTsMwELSgIMGpPIp44wPXQJynza1FLUW0USVaiVtlOxsJAQlqUr6ftZsUceDALYoiK_Lant1kZoeQ6wCYmxmCQ6QD5QScaUdltuu-UFJKwBOQW7OJOEn4y4uY1GJ1q4UBAEs-gxtzaf_lp4Vemk9luMM9gRlDvEm2wiDw3JVcq1k-YYzwzdg6-0WkjuO60RBzxW33uY9g7xl1iufbLp3eL0sViyiD9j_fZY90frR5dLJGnX2yAfkBaTfmDLTeq4dkNJ5N-8kdHS-NT7DTQ7RKaT8v4UO9Q0kxV6W9oigN65k-LCzxq3nKmjSX0ixN2q0qqd86ZDboT--HTm2d4EjEm8qJVBhpLFV0CpJJAATxMEpNI8IQ8EjBMkKrjGuMn6c1V6EMhBYii7LUjzPhR_4RaeVFDseE4ngeVtwuk0oHjMdc-b7KIumCKzlwdkI6Znbmn6vuGPNmYk7_uH9FdobT8Wg-ekyezsiuCYbhXzB2TlrVYgkXZFt_Va_l4tJG9xuMO6N9
openUrl	ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=IEEE%2FACM+International+Conference+on+Automated+Software+Engineering+%3A+%5Bproceedings%5D&rft.atitle=MUTEN%3A+Mutant-Based+Ensembles+for+Boosting+Gradient-Based+Adversarial+Attack&rft.au=Hu%2C+Qiang&rft.au=Guo%2C+Yuejun&rft.au=Cordy%2C+Maxime&rft.au=Papadakis%2C+Mike&rft.date=2023-09-11&rft.pub=IEEE&rft.eissn=2643-1572&rft.spage=1708&rft.epage=1712&rft_id=info:doi/10.1109%2FASE56229.2023.00042&rft.externalDocID=10298357