GE-AdvGAN: Improving the transferability of adversarial samples by
gradient editing-based adversarial generative model
- URL: http://arxiv.org/abs/2401.06031v2
- Date: Tue, 30 Jan 2024 04:09:43 GMT
- Title: GE-AdvGAN: Improving the transferability of adversarial samples by
gradient editing-based adversarial generative model
- Authors: Zhiyu Zhu, Huaming Chen, Xinyi Wang, Jiayu Zhang, Zhibo Jin, Kim-Kwang
Raymond Choo, Jun Shen, Dong Yuan
- Abstract summary: Adversarial generative models, such as Generative Adversarial Networks (GANs), are widely applied for generating various types of data.
In this work, we propose a novel algorithm named GE-AdvGAN to enhance the transferability of adversarial samples.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Adversarial generative models, such as Generative Adversarial Networks
(GANs), are widely applied for generating various types of data, i.e., images,
text, and audio. Accordingly, its promising performance has led to the
GAN-based adversarial attack methods in the white-box and black-box attack
scenarios. The importance of transferable black-box attacks lies in their
ability to be effective across different models and settings, more closely
aligning with real-world applications. However, it remains challenging to
retain the performance in terms of transferable adversarial examples for such
methods. Meanwhile, we observe that some enhanced gradient-based transferable
adversarial attack algorithms require prolonged time for adversarial sample
generation. Thus, in this work, we propose a novel algorithm named GE-AdvGAN to
enhance the transferability of adversarial samples whilst improving the
algorithm's efficiency. The main approach is via optimising the training
process of the generator parameters. With the functional and characteristic
similarity analysis, we introduce a novel gradient editing (GE) mechanism and
verify its feasibility in generating transferable samples on various models.
Moreover, by exploring the frequency domain information to determine the
gradient editing direction, GE-AdvGAN can generate highly transferable
adversarial samples while minimizing the execution time in comparison to the
state-of-the-art transferable adversarial attack algorithms. The performance of
GE-AdvGAN is comprehensively evaluated by large-scale experiments on different
datasets, whose results demonstrate the superiority of our algorithm. The code
for our algorithm is available at: https://github.com/LMBTough/GE-advGAN
Related papers
- Enhancing Transferability of Adversarial Attacks with GE-AdvGAN+: A Comprehensive Framework for Gradient Editing [12.131163373757383]
Transferable adversarial attacks pose significant threats to deep neural networks.
We propose a novel framework for gradient editing-based transferable attacks, named GE-AdvGAN+.
Our framework integrates nearly all mainstream attack methods to enhance transferability while significantly reducing computational resource consumption.
arXiv Detail & Related papers (2024-08-22T18:26:31Z)
- Leveraging Information Consistency in Frequency and Spatial Domain for Adversarial Attacks [33.743914380312226]
Adversarial examples are a key method to exploit deep neural networks.
Recent frequency domain transformation has enhanced the transferability of such adversarial examples.
We propose a simple, effective, and scalable gradient-based adversarial attack algorithm.
arXiv Detail & Related papers (2024-08-22T18:24:08Z)
- HGAttack: Transferable Heterogeneous Graph Adversarial Attack [63.35560741500611]
Heterogeneous Graph Neural Networks (HGNNs) are increasingly recognized for their performance in areas like the web and e-commerce.
This paper introduces HGAttack, the first dedicated gray box evasion attack method for heterogeneous graphs.
arXiv Detail & Related papers (2024-01-18T12:47:13Z)
- Boosting Adversarial Transferability by Achieving Flat Local Maxima [23.91315978193527]
Recently, various adversarial attacks have emerged to boost adversarial transferability from different perspectives.
In this work, we assume and empirically validate that adversarial examples at a flat local region tend to have good transferability.
We propose an approximation optimization method to simplify the gradient update of the objective function.
arXiv Detail & Related papers (2023-06-08T14:21:02Z)
- Diffusion-Based Adversarial Sample Generation for Improved Stealthiness and Controllability [62.105715985563656]
We propose a novel framework dubbed Diffusion-Based Projected Gradient Descent (Diff-PGD) for generating realistic adversarial samples.
Our framework can be easily customized for specific tasks such as digital attacks, physical-world attacks, and style-based attacks.
arXiv Detail & Related papers (2023-05-25T21:51:23Z)
- LD-GAN: Low-Dimensional Generative Adversarial Network for Spectral Image Generation with Variance Regularization [72.4394510913927]
Deep learning methods are state-of-the-art for spectral image (SI) computational tasks.
GANs enable diverse augmentation by learning and sampling from the data distribution.
GAN-based SI generation is challenging since the high-dimensional nature of this kind of data hinders the convergence of GAN training, yielding suboptimal generation.
We propose a statistical regularization to control the low-dimensional representation variance for the autoencoder training and to achieve high diversity of samples generated with the GAN.
arXiv Detail & Related papers (2023-04-29T00:25:02Z)
- Adaptive Perturbation for Adversarial Attack [50.77612889697216]
We propose a new gradient-based attack method for adversarial examples.
We use the exact gradient direction with a scaling factor for generating adversarial perturbations.
Our method exhibits higher transferability and outperforms the state-of-the-art methods.
arXiv Detail & Related papers (2021-11-27T07:57:41Z)
- Bridge the Gap Between CV and NLP! A Gradient-based Textual Adversarial Attack Framework [17.17479625646699]
We propose a unified framework to craft textual adversarial samples.
In this paper, we instantiate our framework with an attack algorithm named Textual Projected Gradient Descent (T-PGD).
arXiv Detail & Related papers (2021-10-28T17:31:51Z)
- Adversarial Attacks on Black Box Video Classifiers: Leveraging the Power of Geometric Transformations [49.06194223213629]
Black-box adversarial attacks against video classification models have been largely understudied.
In this work, we demonstrate that such effective gradients can be searched for by parameterizing the temporal structure of the search space.
Our algorithm inherently leads to successful perturbations with surprisingly few queries.
arXiv Detail & Related papers (2021-10-05T05:05:59Z)
- Adversarial examples attack based on random warm restart mechanism and improved Nesterov momentum [0.0]
Some studies have pointed out that deep learning models are vulnerable to adversarial example attacks and make false decisions.
We propose the RWR-NM-PGD attack algorithm based on a random warm restart mechanism and improved Nesterov momentum.
Our method has an average attack success rate of 46.3077%, which is 27.19% higher than I-FGSM and 9.27% higher than PGD.
arXiv Detail & Related papers (2021-05-10T07:24:25Z)