Related papers: Proving Common Mechanisms Shared by Twelve Methods of Boosting Adversarial Transferability

Proving Common Mechanisms Shared by Twelve Methods of Boosting Adversarial Transferability

URL: http://arxiv.org/abs/2207.11694v1
Date: Sun, 24 Jul 2022 08:36:12 GMT
Title: Proving Common Mechanisms Shared by Twelve Methods of Boosting Adversarial Transferability
Authors: Quanshi Zhang, Xin Wang, Jie Ren, Xu Cheng, Shuyun Lin, Yisen Wang, Xiangming Zhu
Abstract summary: This paper summarizes the common mechanism shared by twelve previous transferability-boosting methods in a unified view. We first discover and prove the negative correlation between the adversarial transferability and the attacking utility of interactions. More crucially, we consider the reduction of interactions as the essential reason for the enhancement of adversarial transferability.
Score: 39.82790215086004
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: Although many methods have been proposed to enhance the transferability of adversarial perturbations, these methods are designed in a heuristic manner, and the essential mechanism for improving adversarial transferability is still unclear. This paper summarizes the common mechanism shared by twelve previous transferability-boosting methods in a unified view, i.e., these methods all reduce game-theoretic interactions between regional adversarial perturbations. To this end, we focus on the attacking utility of all interactions between regional adversarial perturbations, and we first discover and prove the negative correlation between the adversarial transferability and the attacking utility of interactions. Based on this discovery, we theoretically prove and empirically verify that twelve previous transferability-boosting methods all reduce interactions between regional adversarial perturbations. More crucially, we consider the reduction of interactions as the essential reason for the enhancement of adversarial transferability. Furthermore, we design the interaction loss to directly penalize interactions between regional adversarial perturbations during attacking. Experimental results show that the interaction loss significantly improves the transferability of adversarial perturbations.

Related papers

Neural Interaction Energy for Multi-Agent Trajectory Prediction [55.098754835213995]
We introduce a framework called Multi-Agent Trajectory prediction via neural interaction Energy (MATE) MATE assesses the interactive motion of agents by employing neural interaction energy. To bolster temporal stability, we introduce two constraints: inter-agent interaction constraint and intra-agent motion constraint.
arXiv Detail & Related papers (2024-04-25T12:47:47Z)
Why Does Little Robustness Help? Understanding and Improving Adversarial Transferability from Surrogate Training [24.376314203167016]
Adversarial examples (AEs) for DNNs have been shown to be transferable. In this paper, we take a further step towards understanding adversarial transferability.
arXiv Detail & Related papers (2023-07-15T19:20:49Z)
Exploring Transferable and Robust Adversarial Perturbation Generation from the Perspective of Network Hierarchy [52.153866313879924]
The transferability and robustness of adversarial examples are two practical yet important properties for black-box adversarial attacks. We propose a transferable and robust adversarial generation (TRAP) method. Our TRAP achieves impressive transferability and high robustness against certain interferences.
arXiv Detail & Related papers (2021-08-16T11:52:41Z)
Unlimited Neighborhood Interaction for Heterogeneous Trajectory Prediction [97.40338982628094]
We propose a simple yet effective Unlimited Neighborhood Interaction Network (UNIN) which predicts trajectories of heterogeneous agents in multiply categories. Specifically, the proposed unlimited neighborhood interaction module generates the fused-features of all agents involved in an interaction simultaneously. A hierarchical graph attention module is proposed to obtain category-tocategory interaction and agent-to-agent interaction.
arXiv Detail & Related papers (2021-07-31T13:36:04Z)
A Unified Approach to Interpreting and Boosting Adversarial Transferability [42.33597623865435]
In this paper, we use the interaction inside adversarial perturbations to explain and boost the adversarial transferability. We prove and prove the negative correlation between the adversarial transferability and the interaction inside adversarial perturbations. We propose to penalize interactions during the attacking process, which significantly improves the adversarial transferability.
arXiv Detail & Related papers (2020-10-08T15:19:22Z)
An Imitation from Observation Approach to Transfer Learning with Dynamics Mismatch [44.898655782896306]
We show that one existing solution to this transfer problem - grounded action transformation - is closely related to the problem of imitation from observation. We derive a new algorithm - generative adversarial reinforced action transformation (GARAT) - based on adversarial imitation from observation techniques. We find that agents trained with GARAT achieve higher returns in the target environment compared to existing black-box transfer methods.
arXiv Detail & Related papers (2020-08-04T14:36:02Z)
Uncovering the Connections Between Adversarial Transferability and Knowledge Transferability [27.65302656389911]
We analyze and demonstrate the connections between knowledge transferability and adversarial transferability. Our theoretical studies show that adversarial transferability indicates knowledge transferability and vice versa. We conduct extensive experiments for different scenarios on diverse datasets, showing a positive correlation between adversarial transferability and knowledge transferability.
arXiv Detail & Related papers (2020-06-25T16:04:47Z)
Interference and Generalization in Temporal Difference Learning [86.31598155056035]
We study the link between generalization and interference in temporal-difference (TD) learning. We find that TD easily leads to low-interference, under-generalizing parameters, while the effect seems reversed in supervised learning.
arXiv Detail & Related papers (2020-03-13T15:49:58Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.