Adversarial attacks for videos based on conjugate gradient method

Deep neural network-based video classification models enjoy widespread utilization, owing to their superior performance in visual tasks. Yet, with its broad-based application comes a deep-rooted concern for its security aspect. Recent research signals alarm at these models' high susceptibility to deception by adversarial examples. These adversarial examples, subtly laced with humanly imperceptible noise, escape the scope of human detection while posing a substantial risk to the integrity and security of these deep neural network constructs. Over time, significant research has been directed towards image-based adversarial examples, resulting in notable advances in understanding and combating such adversarial attacks within that scope. However, the realm of video-based adversarial attacks highlights a different landscape of complexities and challenges. The nuances of motion information, temporal coherence, and frame-to-frame correlation introduce a multi-dimensional battlefield that necessitates purpose-built solutions. The most straightforward implementation of adversarial attacks employs the Fast Gradient Sign Method(FGSM). Unfortunately, FGSM attack have proven to be lacking in several respects: the attack success rates are far from satisfactory, they are often easily identifiable, and their stealth measures do not pass muster in more rigorous environments. Regarding these questions, this paper draws inspiration from the Nonlinear Conjugate Gradient Descent (FR-CG) method and proposes a nonlinear conjugate gradient attack method for video models. By relaxing constraints, we engineered the search step size to satisfy the strong Wolfe conditions. This critical adjustment assuages the consistency between each iteration's search direction and the upward trajectory of our objective function’s loss value. Further invigorating testament to our approach's efficacy came through experimental results on the UCF-101 dataset, underlining an impressive 91% attack success rate when the perturbation upper limit is set to 3/255. our method outshined FGSM, consistently and markedly, in attack success rates across various perturbation thresholds—even as it offered superior stealth. More critically, it allowed us to strike an effective balance between attack success rate and run-time, a potent recipe for a disruptive contribution to the fraternity of adversarial attacks in video classification models. This adversarial attack method represents a step forward in the continuing quest for robust, reliable, and efficient threat mitigation in the realm of deep neural network-based video classification models.