CGN: Class gradient network for the construction of adversarial samples

Deep neural networks (DNNs) have tremendously succeeded in several computer vision-related fields. Nevertheless, previous research demonstrates that DNNs are vulnerable to adversarial sample attacks. Attackers add carefully designed perturbation noise to clean samples to form adversarial samples, which may lead to errors in the DNNs' predictions. Consequently, the safety of deep learning has attracted much attention, and researchers have commenced exploring adversarial samples from different perspectives. In this paper, a method based on class gradient networks (CGN) is proposed, which can generate high-quality adversarial samples by designing multiple objective functions. Specifically, the adversarial sample's high-level features are guided to change by introducing a high-level class gradient matrix, and the classification loss and perturbation loss are combined to jointly train a generator to fit the distribution of adversarial noises. We conducted experiments on two standard datasets, Fashion-MNIST and CIFAR-10. The results demonstrate the superiority of our method in the transferability of adversarial samples on targeted attacks and indicate the approach outperforms the baseline method.