Making Adversarial Examples More Transferable and Indistinguishable
- URL: http://arxiv.org/abs/2007.03838v2
- Date: Sat, 11 Dec 2021 13:42:00 GMT
- Title: Making Adversarial Examples More Transferable and Indistinguishable
- Authors: Junhua Zou, Yexin Duan, Boyu Li, Wu Zhang, Yu Pan, Zhisong Pan
- Abstract summary: We propose a method to generate indistinguishable adversarial examples with high transferability.
Our best transfer-based attack NI-TI-DI-AITM can fool six classic defense models with an average success rate of 89.3%.
- Score: 7.885043234081768
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Fast gradient sign attack series are popular methods that are used to
generate adversarial examples. However, most of the approaches based on fast
gradient sign attack series cannot balance the indistinguishability and
transferability due to the limitations of the basic sign structure. To address
this problem, we propose a method, called Adam Iterative Fast Gradient Tanh
Method (AI-FGTM), to generate indistinguishable adversarial examples with high
transferability. Besides, smaller kernels and dynamic step size are also
applied to generate adversarial examples for further increasing the attack
success rates. Extensive experiments on an ImageNet-compatible dataset show
that our method generates more indistinguishable adversarial examples and
achieves higher attack success rates without extra running time and resource.
Our best transfer-based attack NI-TI-DI-AITM can fool six classic defense
models with an average success rate of 89.3% and three advanced defense models
with an average success rate of 82.7%, which are higher than the
state-of-the-art gradient-based attacks. Additionally, our method can also
reduce nearly 20% mean perturbation. We expect that our method will serve as a
new baseline for generating adversarial examples with better transferability
and indistinguishability.
Related papers
- Improving Adversarial Transferability with Neighbourhood Gradient Information [20.55829486744819]
Deep neural networks (DNNs) are susceptible to adversarial examples, leading to significant performance degradation.
This work focuses on enhancing the transferability of adversarial examples to narrow this performance gap.
We propose the NGI-Attack, which incorporates Example Backtracking and Multiplex Mask strategies.
(2024-08-11T10:46:49Z)
- Improving the Transferability of Adversarial Examples via Direction Tuning [18.880398046794138]
In the transfer-based adversarial attacks, adversarial examples are only generated by the surrogate models and achieve effective perturbation in the victim models.
A novel transfer-based attack, namely direction tuning attack, is proposed to decrease the update deviation in the large step length.
In addition, a network pruning method is proposed to smooth the decision boundary, thereby further decreasing the update oscillation and enhancing the transferability of the generated adversarial examples.
(2023-03-27T11:26:34Z)
- Making Substitute Models More Bayesian Can Enhance Transferability of Adversarial Examples [89.85593878754571]
Transferability of adversarial examples across deep neural networks is the crux of many black-box attacks.
We advocate to attack a Bayesian model for achieving desirable transferability.
Our method outperforms recent state-of-the-arts by large margins.
(2023-02-10T07:08:13Z)
- Adaptive Perturbation for Adversarial Attack [50.77612889697216]
We propose a new gradient-based attack method for adversarial examples.
We use the exact gradient direction with a scaling factor for generating adversarial perturbations.
Our method exhibits higher transferability and outperforms the state-of-the-art methods.
(2021-11-27T07:57:41Z)
- Model-Agnostic Meta-Attack: Towards Reliable Evaluation of Adversarial Robustness [53.094682754683255]
We propose a Model-Agnostic Meta-Attack (MAMA) approach to discover stronger attack algorithms automatically.
Our method learns the in adversarial attacks parameterized by a recurrent neural network.
We develop a model-agnostic training algorithm to improve the ability of the learned when attacking unseen defenses.
(2021-10-13T13:54:24Z)
- Boosting Transferability of Targeted Adversarial Examples via Hierarchical Generative Networks [56.96241557830253]
Transfer-based adversarial attacks can effectively evaluate model robustness in the black-box setting.
We propose a conditional generative attacking model, which can generate the adversarial examples targeted at different classes.
Our method improves the success rates of targeted black-box attacks by a significant margin over the existing methods.
(2021-07-05T06:17:47Z)
- Improving the Transferability of Adversarial Examples with New Iteration Framework and Input Dropout [8.24029748310858]
We propose a new gradient iteration framework, which redefines the relationship between the iteration step size, the number of perturbations, and the maximum iterations.
Under this framework, we easily improve the attack success rate of DI-TI-MIM.
In addition, we propose a gradient iterative attack method based on input dropout, which can be well combined with our framework.
(2021-06-03T06:36:38Z)
- Staircase Sign Method for Boosting Adversarial Attacks [123.19227129979943]
Crafting adversarial examples for the transfer-based attack is challenging and remains a research hot spot.
We propose a novel Staircase Sign Method (S$^2$M) to alleviate this issue, thus boosting transfer-based attacks.
Our method can be generally integrated into any transfer-based attacks, and the computational overhead is negligible.
(2021-04-20T02:31:55Z)
- Boosting Adversarial Transferability through Enhanced Momentum [50.248076722464184]
Deep learning models are vulnerable to adversarial examples crafted by adding human-imperceptible perturbations on benign images.
Various momentum iterative gradient-based methods are shown to be effective to improve the adversarial transferability.
We propose an enhanced momentum iterative gradient-based method to further enhance the adversarial transferability.
(2021-03-19T03:10:32Z)
- Adversarial example generation with AdaBelief Optimizer and Crop Invariance [8.404340557720436]
Adversarial attacks can be an important method to evaluate and select robust models in safety-critical applications.
We propose AdaBelief Iterative Fast Gradient Method (ABI-FGM) and Crop-Invariant attack Method (CIM) to improve the transferability of adversarial examples.
Our method has higher success rates than state-of-the-art gradient-based attack methods.
(2021-02-07T06:00:36Z)
- Improving the Transferability of Adversarial Examples with the Adam Optimizer [11.210560572849383]
This study combines an improved Adam gradient descent algorithm with the iterative gradient-based attack method.
Experiments on ImageNet showed that the proposed method offers a higher attack success rate than existing iterative methods.
Our best black-box attack achieved a success rate of 81.9% on a normally trained network and 38.7% on an adversarially trained network.
(2020-12-01T15:18:19Z)