Peer-Review Record

Promoting Adversarial Transferability via Dual-Sampling Variance Aggregation and Feature Heterogeneity Attacks

Electronics 2023, 12(3), 767; https://doi.org/10.3390/electronics12030767
by Yang Huang 1, Yuling Chen 1,*, Xuewei Wang 2, Jing Yang 1 and Qi Wang 1,*
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Reviewer 3: Anonymous
Reviewer 4:
Submission received: 17 December 2022 / Revised: 11 January 2023 / Accepted: 17 January 2023 / Published: 3 February 2023
(This article belongs to the Special Issue AI in Knowledge-Based Information and Decision Support Systems)

Round 1

Reviewer 1 Report

First, thank you for letting me review this paper. It proposed a novel approach that reduces the adversity-sample overfit to the source model. The paper is well-written and has a precise aim. I want to point out several issues.

1. Besides just performances mentioned in the result and conclusion section, how could this proposed model help in the real world?

2. Is the proposed model still efficient in the medical datasets? Or do you have any plans to cover medical datasets for adversarial attacks? Because adversarial attacks are also critical in those datasets.

3. A primary benefit of the proposed model is that it prevents overfitting problems. Then, it should suggest more detailed explanations about the effects of the proposed model on the overfitting problem, suggesting how much the proposed model could overcome overfitting. 

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 2 Report

This paper has the following merits:

- It is well written and it is moderately easy to read

- It concerns a relevant topic: attack vectors to ANN-based ML

However, I found the following issues in the paper

- The work contained in the paper focuses on improving the attack capabilities of adversary samples by transfer. Although I can understand that this might have application to further strengthen our own ANN against that type of attack, the paper fails to explain what is the purpose of improving attack capabilities. This is something that should be explained in the introduction.

- The case study omits information concerning the output of the several models when classifying the “attacked” data-set: it goes straight to the success of the attack. I believe the performance details of each model should be presented.

- Concerning presentation: there are several cases of missing the space when a sentence ends and the next one begins. There are a few (not many) cases of wrong conjugation of the word “adversary”. The work must be proof-read once more in order to correct these small issues.

I am going to recommend a minor revision to improve the introduction, add the missing details of the experimental results and to proof-read the paper.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 3 Report

At present, deep neural network has been widely used in various fields, but its vulnerability has to be paid attention to. The adversarial attack aims to mislead the model by generating imperceptible perturbations on the source model, and although white-box attacks have achieved good success rates, existing adversarial samples exhibit weak migration in the black-box case, especially on some adversarially trained defense models. Previous work for gradient-based optimization either optimizes the image before iteration or optimizes the gradient during iteration, so it results in the generated adversarial samples overfitting the source model and exhibiting poor mobility to the adversarially trained model.

To address the above-mentioned problems, the authors proposed the dual-sample variance aggregation with feature heterogeneity attack (V2MDI-FGSM).

Their method produced adversarial samples with better transferability, by simultaneously optimizing images and gradients from both the pre-iterative and iterative processes.

Furthermore, they concluded that their method can be combined with the original gradient-based method. They concluded that their method is effective.

The Ms needs many improvements before being considered for publication.

It is impossible to make a list.

Only to give some examples of the problems.

The abstract is very badly written. It does not resume the different sections correctly, there are some unstated acronyms, there are sentences starting with AND.

The introduction is mixed with the methods and results, see figure 1.

Then there are the aims. Then again the related work.

Methods are mixed with results. See figure 2.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 4 Report

I think this paper is interesting overall. However, I still have some suggestions for authors to improve their paper.

[1] Abstract is a bit too long for readers to clearly catch what the author tries to tell. Please keep it straight and short for representation.

[2] What the author tries to solve, or problems, is not well presented in the paper. In my opinion, not only what is, but what the background is, what the idea to solve the problem should be presented.

[3] The writing English can be improved. Please ask a native speaker to help carefully revise the paper.

[4] The related work is narrow right now. I have several suggestions for author to cite.

1. https://doi.org/10.1109/TNSE.2022.3151502

2. https://doi.org/10.1109/TII.2022.3194590

3. https://doi.org/10.1145/3503161.3548218

[5] More figures if possible can be involved to offer better representation for this paper. I hope to see so.

[6] What is the structure of the dataset? Please clarify it.

[7] Is it possible to put more latest work for comparisons? If so, please offer some tables.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Round 2

Reviewer 3 Report

Authors extensively answered to my comments.

There are no further comments.

Reviewer 4 Report

After corrections, I think this paper can be accepted. Congratulations!
