On the Transferability of Adversarial Examples between Encrypted Models

• URL: http://arxiv.org/abs/2209.02997v1
• Date: Wed, 7 Sep 2022 08:50:26 GMT
• Title: On the Transferability of Adversarial Examples between Encrypted Models
• Authors: Miki Tanaka, Isao Echizen, Hitoshi Kiya
• Abstract summary: We investigate the transferability of models encrypted for adversarially robust defense for the first time. In an image-classification experiment, the use of encrypted models is confirmed not only to be robust against AEs but to also reduce the influence of AEs.
• Score: 20.03508926499504
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Deep neural networks (DNNs) are well known to be vulnerable to adversarial examples (AEs). In addition, AEs have adversarial transferability, namely, AEs generated for a source model fool other (target) models. In this paper, we investigate the transferability of models encrypted for adversarially robust defense for the first time. To objectively verify the property of transferability, the robustness of models is evaluated by using a benchmark attack method, called AutoAttack. In an image-classification experiment, the use of encrypted models is confirmed not only to be robust against AEs but to also reduce the influence of AEs in terms of the transferability of models.

Related papers

• Transferable Adversarial Attacks on SAM and Its Downstream Models [87.23908485521439]
  This paper explores the feasibility of adversarial attacking various downstream models fine-tuned from the segment anything model (SAM) To enhance the effectiveness of the adversarial attack towards models fine-tuned on unknown datasets, we propose a universal meta-initialization (UMI) algorithm.
  arXiv  Detail & Related papers  (2024-10-26T15:04:04Z)
• Enhancing Adversarial Transferability with Adversarial Weight Tuning [36.09966860069978]
  adversarial examples (AEs) mislead the model while appearing benign to human observers. AWT is a data-free tuning method that combines gradient-based and model-based attack methods to enhance the transferability of AEs.
  arXiv  Detail & Related papers  (2024-08-18T13:31:26Z)
• Exploring Adversarial Attacks against Latent Diffusion Model from the Perspective of Adversarial Transferability [33.122737005468245]
  We investigate how the surrogate model's property influences the performance of adversarial examples (AEs) for latent diffusion models (LDMs) We find that the smoothness of surrogate models at different time steps differs, and we substantially improve the performance of the MC-based AEs by selecting smoother surrogate models. In the light of the theoretical framework on adversarial transferability in image classification, we also conduct a theoretical analysis to explain why smooth surrogate models can also boost AEs for LDMs.
  arXiv  Detail & Related papers  (2024-01-13T14:34:18Z)
• OMG-ATTACK: Self-Supervised On-Manifold Generation of Transferable Evasion Attacks [17.584752814352502]
  Evasion Attacks (EA) are used to test the robustness of trained neural networks by distorting input data. We introduce a self-supervised, computationally economical method for generating adversarial examples. Our experiments consistently demonstrate the method is effective across various models, unseen data categories, and even defended models.
  arXiv  Detail & Related papers  (2023-10-05T17:34:47Z)
• An Adaptive Model Ensemble Adversarial Attack for Boosting Adversarial Transferability [26.39964737311377]
  We propose an adaptive ensemble attack, dubbed AdaEA, to adaptively control the fusion of the outputs from each model. We achieve considerable improvement over the existing ensemble attacks on various datasets.
  arXiv  Detail & Related papers  (2023-08-05T15:12:36Z)
• Improving Adversarial Robustness to Sensitivity and Invariance Attacks with Deep Metric Learning [80.21709045433096]
  A standard method in adversarial robustness assumes a framework to defend against samples crafted by minimally perturbing a sample. We use metric learning to frame adversarial regularization as an optimal transport problem. Our preliminary results indicate that regularizing over invariant perturbations in our framework improves both invariant and sensitivity defense.
  arXiv  Detail & Related papers  (2022-11-04T13:54:02Z)
• Towards Understanding and Boosting Adversarial Transferability from a Distribution Perspective [80.02256726279451]
  adversarial attacks against Deep neural networks (DNNs) have received broad attention in recent years. We propose a novel method that crafts adversarial examples by manipulating the distribution of the image. Our method can significantly improve the transferability of the crafted attacks and achieves state-of-the-art performance in both untargeted and targeted scenarios.
  arXiv  Detail & Related papers  (2022-10-09T09:58:51Z)
• On the Adversarial Transferability of ConvMixer Models [16.31814570942924]
  We investigate the property of adversarial transferability between models including ConvMixer for the first time. In an image classification experiment, ConvMixer is confirmed to be weak to adversarial transferability.
  arXiv  Detail & Related papers  (2022-09-19T02:51:01Z)
• Robust Transferable Feature Extractors: Learning to Defend Pre-Trained Networks Against White Box Adversaries [69.53730499849023]
  We show that adversarial examples can be successfully transferred to another independently trained model to induce prediction errors. We propose a deep learning-based pre-processing mechanism, which we refer to as a robust transferable feature extractor (RTFE)
  arXiv  Detail & Related papers  (2022-09-14T21:09:34Z)
• CARBEN: Composite Adversarial Robustness Benchmark [70.05004034081377]
  This paper demonstrates how composite adversarial attack (CAA) affects the resulting image. It provides real-time inferences of different models, which will facilitate users' configuration of the parameters of the attack level. A leaderboard to benchmark adversarial robustness against CAA is also introduced.
  arXiv  Detail & Related papers  (2022-07-16T01:08:44Z)
• Boosting Black-Box Attack with Partially Transferred Conditional Adversarial Distribution [83.02632136860976]
  We study black-box adversarial attacks against deep neural networks (DNNs) We develop a novel mechanism of adversarial transferability, which is robust to the surrogate biases. Experiments on benchmark datasets and attacking against real-world API demonstrate the superior attack performance of the proposed method.
  arXiv  Detail & Related papers  (2020-06-15T16:45:27Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.