Cross-Task Attack: A Self-Supervision Generative Framework Based on Attention Shift

• URL: http://arxiv.org/abs/2407.13700v1
• Date: Thu, 18 Jul 2024 17:01:10 GMT
• Title: Cross-Task Attack: A Self-Supervision Generative Framework Based on Attention Shift
• Authors: Qingyuan Zeng, Yunpeng Gong, Min Jiang,
• Abstract summary: We propose a self-supervised Cross-Task Attack framework (CTA) CTA generates cross-task perturbations by shifting the attention area of samples away from the co-attention map and closer to the anti-attention map. We conduct extensive experiments on multiple vision tasks and the experimental results confirm the effectiveness of the proposed design for adversarial attacks.
• Score: 3.6015992701968793
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Studying adversarial attacks on artificial intelligence (AI) systems helps discover model shortcomings, enabling the construction of a more robust system. Most existing adversarial attack methods only concentrate on single-task single-model or single-task cross-model scenarios, overlooking the multi-task characteristic of artificial intelligence systems. As a result, most of the existing attacks do not pose a practical threat to a comprehensive and collaborative AI system. However, implementing cross-task attacks is highly demanding and challenging due to the difficulty in obtaining the real labels of different tasks for the same picture and harmonizing the loss functions across different tasks. To address this issue, we propose a self-supervised Cross-Task Attack framework (CTA), which utilizes co-attention and anti-attention maps to generate cross-task adversarial perturbation. Specifically, the co-attention map reflects the area to which different visual task models pay attention, while the anti-attention map reflects the area that different visual task models neglect. CTA generates cross-task perturbations by shifting the attention area of samples away from the co-attention map and closer to the anti-attention map. We conduct extensive experiments on multiple vision tasks and the experimental results confirm the effectiveness of the proposed design for adversarial attacks.

Related papers

• Adversarial Attacks on Hidden Tasks in Multi-Task Learning [8.88375168590583]
  We propose a novel adversarial attack method that leverages knowledge from non-target tasks and the shared backbone network of the multi-task model. Experimental results on CelebA and DeepFashion datasets demonstrate the effectiveness of our method in degrading the accuracy of hidden tasks.
  arXiv  Detail & Related papers  (2024-05-24T06:11:30Z)
• Multi-granular Adversarial Attacks against Black-box Neural Ranking Models [111.58315434849047]
  We create high-quality adversarial examples by incorporating multi-granular perturbations. We transform the multi-granular attack into a sequential decision-making process. Our attack method surpasses prevailing baselines in both attack effectiveness and imperceptibility.
  arXiv  Detail & Related papers  (2024-04-02T02:08:29Z)
• Pre-trained Trojan Attacks for Visual Recognition [106.13792185398863]
  Pre-trained vision models (PVMs) have become a dominant component due to their exceptional performance when fine-tuned for downstream tasks. We propose the Pre-trained Trojan attack, which embeds backdoors into a PVM, enabling attacks across various downstream vision tasks. We highlight the challenges posed by cross-task activation and shortcut connections in successful backdoor attacks.
  arXiv  Detail & Related papers  (2023-12-23T05:51:40Z)
• On the Difficulty of Defending Contrastive Learning against Backdoor Attacks [58.824074124014224]
  We show how contrastive backdoor attacks operate through distinctive mechanisms. Our findings highlight the need for defenses tailored to the specificities of contrastive backdoor attacks.
  arXiv  Detail & Related papers  (2023-12-14T15:54:52Z)
• A Survey on Transferability of Adversarial Examples across Deep Neural Networks [53.04734042366312]
  adversarial examples can manipulate machine learning models into making erroneous predictions. The transferability of adversarial examples enables black-box attacks which circumvent the need for detailed knowledge of the target model. This survey explores the landscape of the adversarial transferability of adversarial examples.
  arXiv  Detail & Related papers  (2023-10-26T17:45:26Z)
• Multi-Task Models Adversarial Attacks [25.834775498006657]
  Multi-Task Learning involves developing a singular model, known as a multi-task model, to concurrently perform multiple tasks. The security of single-task models has been thoroughly studied, but multi-task models pose several critical security questions. This paper addresses these queries through detailed analysis and rigorous experimentation.
  arXiv  Detail & Related papers  (2023-05-20T03:07:43Z)
• Attack-SAM: Towards Attacking Segment Anything Model With Adversarial Examples [68.5719552703438]
  Segment Anything Model (SAM) has attracted significant attention recently, due to its impressive performance on various downstream tasks. Deep vision models are widely recognized as vulnerable to adversarial examples, which fool the model to make wrong predictions with imperceptible perturbation. This work is the first of its kind to conduct a comprehensive investigation on how to attack SAM with adversarial examples.
  arXiv  Detail & Related papers  (2023-05-01T15:08:17Z)
• Boosting Cross-task Transferability of Adversarial Patches with Visual Relations [4.694536172504848]
  We propose a novel Visual Relation-based cross-task Adversarial Patch generation method called VRAP. VRAP employs scene graphs to combine object recognition-based deception with predicate-based relations elimination. Our experiments demonstrate that VRAP significantly surpasses previous methods in terms of black-box transferability across diverse visual reasoning tasks.
  arXiv  Detail & Related papers  (2023-04-11T11:43:57Z)
• Hear No Evil: Towards Adversarial Robustness of Automatic Speech Recognition via Multi-Task Learning [13.735883484044166]
  We investigate the impact of performing multi-task learning on the adversarial robustness of ASR models in the speech domain. Our approach shows considerable absolute improvements in adversarially targeted WER ranging from 17.25 up to 59.90. Ours is the first in-depth study that uncovers adversarial robustness gains from multi-task learning for ASR.
  arXiv  Detail & Related papers  (2022-04-05T17:40:19Z)
• Multi-Task Adversarial Attack [3.412750324146571]
  Multi-Task adversarial Attack (MTA) is a unified framework that can craft adversarial examples for multiple tasks efficiently. MTA uses a generator for adversarial perturbations which consists of a shared encoder for all tasks and multiple task-specific decoders. Thanks to the shared encoder, MTA reduces the storage cost and speeds up the inference when attacking multiple tasks simultaneously.
  arXiv  Detail & Related papers  (2020-11-19T13:56:58Z)
• A Hamiltonian Monte Carlo Method for Probabilistic Adversarial Attack and Learning [122.49765136434353]
  We present an effective method, called Hamiltonian Monte Carlo with Accumulated Momentum (HMCAM), aiming to generate a sequence of adversarial examples. We also propose a new generative method called Contrastive Adversarial Training (CAT), which approaches equilibrium distribution of adversarial examples. Both quantitative and qualitative analysis on several natural image datasets and practical systems have confirmed the superiority of the proposed algorithm.
  arXiv  Detail & Related papers  (2020-10-15T16:07:26Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.