Direction-Aggregated Attack for Transferable Adversarial Examples

• URL: http://arxiv.org/abs/2104.09172v1
• Date: Mon, 19 Apr 2021 09:54:56 GMT
• Title: Direction-Aggregated Attack for Transferable Adversarial Examples
• Authors: Tianjin Huang, Vlado Menkovski, Yulong Pei, YuHao Wang and Mykola Pechenizkiy
• Abstract summary: A deep neural network is vulnerable to adversarial examples crafted by imposing imperceptible changes to the inputs. adversarial examples are most successful in white-box settings where the model and its parameters are available. We propose the Direction-Aggregated adversarial attacks that deliver transferable adversarial examples.
• Score: 10.208465711975242
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Deep neural networks are vulnerable to adversarial examples that are crafted by imposing imperceptible changes to the inputs. However, these adversarial examples are most successful in white-box settings where the model and its parameters are available. Finding adversarial examples that are transferable to other models or developed in a black-box setting is significantly more difficult. In this paper, we propose the Direction-Aggregated adversarial attacks that deliver transferable adversarial examples. Our method utilizes aggregated direction during the attack process for avoiding the generated adversarial examples overfitting to the white-box model. Extensive experiments on ImageNet show that our proposed method improves the transferability of adversarial examples significantly and outperforms state-of-the-art attacks, especially against adversarial robust models. The best averaged attack success rates of our proposed method reaches 94.6\% against three adversarial trained models and 94.8\% against five defense methods. It also reveals that current defense approaches do not prevent transferable adversarial attacks.

Related papers

Err

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.