DANAA: Towards transferable attacks with double adversarial neuron attribution

• URL: http://arxiv.org/abs/2310.10427v2
• Date: Sun, 22 Oct 2023 16:06:00 GMT
• Title: DANAA: Towards transferable attacks with double adversarial neuron attribution
• Authors: Zhibo Jin, Zhiyu Zhu, Xinyi Wang, Jiayu Zhang, Jun Shen, Huaming Chen
• Abstract summary: We propose a double adversarial neuron attribution attack method, termed DANAA', to obtain more accurate feature importance estimation. The goal is to measure the weight of individual neurons and retain the features that are more important towards transferability.
• Score: 37.33924432015966
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: While deep neural networks have excellent results in many fields, they are susceptible to interference from attacking samples resulting in erroneous judgments. Feature-level attacks are one of the effective attack types, which targets the learnt features in the hidden layers to improve its transferability across different models. Yet it is observed that the transferability has been largely impacted by the neuron importance estimation results. In this paper, a double adversarial neuron attribution attack method, termed `DANAA', is proposed to obtain more accurate feature importance estimation. In our method, the model outputs are attributed to the middle layer based on an adversarial non-linear path. The goal is to measure the weight of individual neurons and retain the features that are more important towards transferability. We have conducted extensive experiments on the benchmark datasets to demonstrate the state-of-the-art performance of our method. Our code is available at: https://github.com/Davidjinzb/DANAA

Related papers

Err

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.