Diverse Generative Adversarial Perturbations on Attention Space for Transferable Adversarial Attacks

• URL: http://arxiv.org/abs/2208.05650v1
• Date: Thu, 11 Aug 2022 06:00:40 GMT
• Title: Diverse Generative Adversarial Perturbations on Attention Space for Transferable Adversarial Attacks
• Authors: Woo Jae Kim, Seunghoon Hong, and Sung-Eui Yoon
• Abstract summary: Adrial attacks with improved transferability have recently received much attention due to their practicality. Existing transferable attacks craft perturbations in a deterministic manner and often fail to fully explore the loss surface. We propose Attentive-Diversity Attack (ADA), which disrupts diverse salient features in a manner to improve transferability.
• Score: 29.034390810078172
• License: http://creativecommons.org/licenses/by-nc-sa/4.0/
• Abstract: Adversarial attacks with improved transferability - the ability of an adversarial example crafted on a known model to also fool unknown models - have recently received much attention due to their practicality. Nevertheless, existing transferable attacks craft perturbations in a deterministic manner and often fail to fully explore the loss surface, thus falling into a poor local optimum and suffering from low transferability. To solve this problem, we propose Attentive-Diversity Attack (ADA), which disrupts diverse salient features in a stochastic manner to improve transferability. Primarily, we perturb the image attention to disrupt universal features shared by different models. Then, to effectively avoid poor local optima, we disrupt these features in a stochastic manner and explore the search space of transferable perturbations more exhaustively. More specifically, we use a generator to produce adversarial perturbations that each disturbs features in different ways depending on an input latent code. Extensive experimental evaluations demonstrate the effectiveness of our method, outperforming the transferability of state-of-the-art methods. Codes are available at https://github.com/wkim97/ADA.

Related papers

• Improving Transferable Targeted Attacks with Feature Tuning Mixup [12.707753562907534]
  Deep neural networks exhibit vulnerability to examples that can transfer across different models. We propose Feature Tuning Mixup (FTM) to enhance targeted attack transferability. Our method achieves significant improvements over state-of-the-art methods while maintaining low computational cost.
  arXiv  Detail & Related papers  (2024-11-23T13:18:25Z)
• Imperceptible Face Forgery Attack via Adversarial Semantic Mask [59.23247545399068]
  We propose an Adversarial Semantic Mask Attack framework (ASMA) which can generate adversarial examples with good transferability and invisibility. Specifically, we propose a novel adversarial semantic mask generative model, which can constrain generated perturbations in local semantic regions for good stealthiness.
  arXiv  Detail & Related papers  (2024-06-16T10:38:11Z)
• Adv-Diffusion: Imperceptible Adversarial Face Identity Attack via Latent Diffusion Model [61.53213964333474]
  We propose a unified framework Adv-Diffusion that can generate imperceptible adversarial identity perturbations in the latent space but not the raw pixel space. Specifically, we propose the identity-sensitive conditioned diffusion generative model to generate semantic perturbations in the surroundings. The designed adaptive strength-based adversarial perturbation algorithm can ensure both attack transferability and stealthiness.
  arXiv  Detail & Related papers  (2023-12-18T15:25:23Z)
• Towards Transferable Adversarial Attacks with Centralized Perturbation [4.689122927344728]
  Adversa transferability enables black-box attacks on unknown victim deep neural networks (DNNs) Current transferable attacks create adversarial perturbation over the entire image, resulting in excessive noise that overfit the source model. We propose a transferable adversarial attack with fine-grained perturbation optimization in the frequency domain, creating centralized perturbation.
  arXiv  Detail & Related papers  (2023-12-11T08:25:50Z)
• Diffusion Models for Imperceptible and Transferable Adversarial Attack [23.991194050494396]
  We propose a novel imperceptible and transferable attack by leveraging both the generative and discriminative power of diffusion models. Our proposed method, DiffAttack, is the first that introduces diffusion models into the adversarial attack field.
  arXiv  Detail & Related papers  (2023-05-14T16:02:36Z)
• Enhancing the Self-Universality for Transferable Targeted Attacks [88.6081640779354]
  Our new attack method is proposed based on the observation that highly universal adversarial perturbations tend to be more transferable for targeted attacks. Instead of optimizing the perturbations on different images, optimizing on different regions to achieve self-universality can get rid of using extra data. With the feature similarity loss, our method makes the features from adversarial perturbations to be more dominant than that of benign images.
  arXiv  Detail & Related papers  (2022-09-08T11:21:26Z)
• Transferable Physical Attack against Object Detection with Separable Attention [14.805375472459728]
  Transferable adversarial attack is always in the spotlight since deep learning models have been demonstrated to be vulnerable to adversarial samples. In this paper, we put forward a novel method of generating physically realizable adversarial camouflage to achieve transferable attack against detection models.
  arXiv  Detail & Related papers  (2022-05-19T14:34:55Z)
• Enhancing the Transferability via Feature-Momentum Adversarial Attack [36.449154438599884]
  We describe a new method called Feature-Momentum Adversarial Attack (FMAA) to further improve transferability. Our method significantly outperforms other state-of-the-art methods by a large margin on different target models.
  arXiv  Detail & Related papers  (2022-04-22T09:52:49Z)
• Exploring Transferable and Robust Adversarial Perturbation Generation from the Perspective of Network Hierarchy [52.153866313879924]
  The transferability and robustness of adversarial examples are two practical yet important properties for black-box adversarial attacks. We propose a transferable and robust adversarial generation (TRAP) method. Our TRAP achieves impressive transferability and high robustness against certain interferences.
  arXiv  Detail & Related papers  (2021-08-16T11:52:41Z)
• Attribute-Guided Adversarial Training for Robustness to Natural Perturbations [64.35805267250682]
  We propose an adversarial training approach which learns to generate new samples so as to maximize exposure of the classifier to the attributes-space. Our approach enables deep neural networks to be robust against a wide range of naturally occurring perturbations.
  arXiv  Detail & Related papers  (2020-12-03T10:17:30Z)
• Learning to Generate Noise for Multi-Attack Robustness [126.23656251512762]
  Adversarial learning has emerged as one of the successful techniques to circumvent the susceptibility of existing methods against adversarial perturbations. In safety-critical applications, this makes these methods extraneous as the attacker can adopt diverse adversaries to deceive the system. We propose a novel meta-learning framework that explicitly learns to generate noise to improve the model's robustness against multiple types of attacks.
  arXiv  Detail & Related papers  (2020-06-22T10:44:05Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.