Adaptive Perturbation for Adversarial Attack

• URL: http://arxiv.org/abs/2111.13841v3
• Date: Tue, 27 Feb 2024 13:18:48 GMT
• Title: Adaptive Perturbation for Adversarial Attack
• Authors: Zheng Yuan, Jie Zhang, Zhaoyan Jiang, Liangliang Li, Shiguang Shan
• Abstract summary: We propose a new gradient-based attack method for adversarial examples. We use the exact gradient direction with a scaling factor for generating adversarial perturbations. Our method exhibits higher transferability and outperforms the state-of-the-art methods.
• Score: 50.77612889697216
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: In recent years, the security of deep learning models achieves more and more attentions with the rapid development of neural networks, which are vulnerable to adversarial examples. Almost all existing gradient-based attack methods use the sign function in the generation to meet the requirement of perturbation budget on $L_\infty$ norm. However, we find that the sign function may be improper for generating adversarial examples since it modifies the exact gradient direction. Instead of using the sign function, we propose to directly utilize the exact gradient direction with a scaling factor for generating adversarial perturbations, which improves the attack success rates of adversarial examples even with fewer perturbations. At the same time, we also theoretically prove that this method can achieve better black-box transferability. Moreover, considering that the best scaling factor varies across different images, we propose an adaptive scaling factor generator to seek an appropriate scaling factor for each image, which avoids the computational cost for manually searching the scaling factor. Our method can be integrated with almost all existing gradient-based attack methods to further improve their attack success rates. Extensive experiments on the CIFAR10 and ImageNet datasets show that our method exhibits higher transferability and outperforms the state-of-the-art methods.

Related papers

• Improving Adversarial Transferability with Neighbourhood Gradient Information [20.55829486744819]
  Deep neural networks (DNNs) are susceptible to adversarial examples, leading to significant performance degradation. This work focuses on enhancing the transferability of adversarial examples to narrow this performance gap. We propose the NGI-Attack, which incorporates Example Backtracking and Multiplex Mask strategies.
  arXiv  Detail & Related papers  (2024-08-11T10:46:49Z)
• GE-AdvGAN: Improving the transferability of adversarial samples by gradient editing-based adversarial generative model [69.71629949747884]
  Adversarial generative models, such as Generative Adversarial Networks (GANs), are widely applied for generating various types of data. In this work, we propose a novel algorithm named GE-AdvGAN to enhance the transferability of adversarial samples.
  arXiv  Detail & Related papers  (2024-01-11T16:43:16Z)
• Sampling-based Fast Gradient Rescaling Method for Highly Transferable Adversarial Attacks [18.05924632169541]
  We propose a Sampling-based Fast Gradient Rescaling Method (S-FGRM) Specifically, we use data rescaling to substitute the sign function without extra computational cost. Our method could significantly boost the transferability of gradient-based attacks and outperform the state-of-the-art baselines.
  arXiv  Detail & Related papers  (2023-07-06T07:52:42Z)
• Improving Adversarial Transferability via Intermediate-level Perturbation Decay [79.07074710460012]
  We develop a novel intermediate-level method that crafts adversarial examples within a single stage of optimization. Experimental results show that it outperforms state-of-the-arts by large margins in attacking various victim models.
  arXiv  Detail & Related papers  (2023-04-26T09:49:55Z)
• Sampling-based Fast Gradient Rescaling Method for Highly Transferable Adversarial Attacks [19.917677500613788]
  gradient-based approaches generally use the $sign$ function to generate perturbations at the end of the process. We propose a Sampling-based Fast Gradient Rescaling Method (S-FGRM) to improve the transferability of crafted adversarial examples.
  arXiv  Detail & Related papers  (2022-04-06T15:12:20Z)
• Learning to Learn Transferable Attack [77.67399621530052]
  Transfer adversarial attack is a non-trivial black-box adversarial attack that aims to craft adversarial perturbations on the surrogate model and then apply such perturbations to the victim model. We propose a Learning to Learn Transferable Attack (LLTA) method, which makes the adversarial perturbations more generalized via learning from both data and model augmentation. Empirical results on the widely-used dataset demonstrate the effectiveness of our attack method with a 12.85% higher success rate of transfer attack compared with the state-of-the-art methods.
  arXiv  Detail & Related papers  (2021-12-10T07:24:21Z)
• Staircase Sign Method for Boosting Adversarial Attacks [123.19227129979943]
  Crafting adversarial examples for the transfer-based attack is challenging and remains a research hot spot. We propose a novel Staircase Sign Method (S$2$M) to alleviate this issue, thus boosting transfer-based attacks. Our method can be generally integrated into any transfer-based attacks, and the computational overhead is negligible.
  arXiv  Detail & Related papers  (2021-04-20T02:31:55Z)
• Enhancing the Transferability of Adversarial Attacks through Variance Tuning [6.5328074334512]
  We propose a new method called variance tuning to enhance the class of iterative gradient based attack methods. Empirical results on the standard ImageNet dataset demonstrate that our method could significantly improve the transferability of gradient-based adversarial attacks.
  arXiv  Detail & Related papers  (2021-03-29T12:41:55Z)
• Boosting Adversarial Transferability through Enhanced Momentum [50.248076722464184]
  Deep learning models are vulnerable to adversarial examples crafted by adding human-imperceptible perturbations on benign images. Various momentum iterative gradient-based methods are shown to be effective to improve the adversarial transferability. We propose an enhanced momentum iterative gradient-based method to further enhance the adversarial transferability.
  arXiv  Detail & Related papers  (2021-03-19T03:10:32Z)
• Random Transformation of Image Brightness for Adversarial Attack [5.405413975396116]
  adversarial examples are crafted by adding small, human-imperceptibles to the original images. Deep neural networks are vulnerable to adversarial examples, which are crafted by adding small, human-imperceptibles to the original images. We propose an adversarial example generation method based on this phenomenon, which can be integrated with Fast Gradient Sign Method. Our method has a higher success rate for black-box attacks than other attack methods based on data augmentation.
  arXiv  Detail & Related papers  (2021-01-12T07:00:04Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.