Leveraging Information Consistency in Frequency and Spatial Domain for Adversarial Attacks

• URL: http://arxiv.org/abs/2408.12670v1
• Date: Thu, 22 Aug 2024 18:24:08 GMT
• Title: Leveraging Information Consistency in Frequency and Spatial Domain for Adversarial Attacks
• Authors: Zhibo Jin, Jiayu Zhang, Zhiyu Zhu, Xinyi Wang, Yiyun Huang, Huaming Chen,
• Abstract summary: Adrial examples are a key method to exploit deep neural networks. Recent frequency domain transformation has enhanced the transferability of such adversarial examples. We propose a simple, effective, and scalable gradient-based adversarial attack algorithm.
• Score: 33.743914380312226
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Adversarial examples are a key method to exploit deep neural networks. Using gradient information, such examples can be generated in an efficient way without altering the victim model. Recent frequency domain transformation has further enhanced the transferability of such adversarial examples, such as spectrum simulation attack. In this work, we investigate the effectiveness of frequency domain-based attacks, aligning with similar findings in the spatial domain. Furthermore, such consistency between the frequency and spatial domains provides insights into how gradient-based adversarial attacks induce perturbations across different domains, which is yet to be explored. Hence, we propose a simple, effective, and scalable gradient-based adversarial attack algorithm leveraging the information consistency in both frequency and spatial domains. We evaluate the algorithm for its effectiveness against different models. Extensive experiments demonstrate that our algorithm achieves state-of-the-art results compared to other gradient-based algorithms. Our code is available at: https://github.com/LMBTough/FSA.

Related papers

• Frequency-Spatial Entanglement Learning for Camouflaged Object Detection [34.426297468968485]
  Existing methods attempt to reduce the impact of pixel similarity by maximizing the distinguishing ability of spatial features with complicated design. We propose a new approach to address this issue by jointly exploring the representation in the frequency and spatial domains, introducing the Frequency-Spatial Entanglement Learning (FSEL) method. Our experiments demonstrate the superiority of our FSEL over 21 state-of-the-art methods, through comprehensive quantitative and qualitative comparisons in three widely-used datasets.
  arXiv  Detail & Related papers  (2024-09-03T07:58:47Z)
• GE-AdvGAN: Improving the transferability of adversarial samples by gradient editing-based adversarial generative model [69.71629949747884]
  Adversarial generative models, such as Generative Adversarial Networks (GANs), are widely applied for generating various types of data. In this work, we propose a novel algorithm named GE-AdvGAN to enhance the transferability of adversarial samples.
  arXiv  Detail & Related papers  (2024-01-11T16:43:16Z)
• Frequency Domain Adversarial Training for Robust Volumetric Medical Segmentation [111.61781272232646]
  It is imperative to ensure the robustness of deep learning models in critical applications such as, healthcare. We present a 3D frequency domain adversarial attack for volumetric medical image segmentation models.
  arXiv  Detail & Related papers  (2023-07-14T10:50:43Z)
• Boosting Adversarial Transferability by Achieving Flat Local Maxima [23.91315978193527]
  Recently, various adversarial attacks have emerged to boost adversarial transferability from different perspectives. In this work, we assume and empirically validate that adversarial examples at a flat local region tend to have good transferability. We propose an approximation optimization method to simplify the gradient update of the objective function.
  arXiv  Detail & Related papers  (2023-06-08T14:21:02Z)
• Convolutional generative adversarial imputation networks for spatio-temporal missing data in storm surge simulations [86.5302150777089]
  Generative Adversarial Imputation Nets (GANs) and GAN-based techniques have attracted attention as unsupervised machine learning methods. We name our proposed method as Con Conval Generative Adversarial Imputation Nets (Conv-GAIN)
  arXiv  Detail & Related papers  (2021-11-03T03:50:48Z)
• Towards Domain-Agnostic Contrastive Learning [103.40783553846751]
  We propose a novel domain-agnostic approach to contrastive learning, named DACL. Key to our approach is the use of Mixup noise to create similar and dissimilar examples by mixing data samples differently either at the input or hidden-state levels. Our results show that DACL not only outperforms other domain-agnostic noising methods, such as Gaussian-noise, but also combines well with domain-specific methods, such as SimCLR.
  arXiv  Detail & Related papers  (2020-11-09T13:41:56Z)
• WaveTransform: Crafting Adversarial Examples via Input Decomposition [69.01794414018603]
  We introduce WaveTransform', that creates adversarial noise corresponding to low-frequency and high-frequency subbands, separately (or in combination) Experiments show that the proposed attack is effective against the defense algorithm and is also transferable across CNNs.
  arXiv  Detail & Related papers  (2020-10-29T17:16:59Z)
• Cross-domain Object Detection through Coarse-to-Fine Feature Adaptation [62.29076080124199]
  This paper proposes a novel coarse-to-fine feature adaptation approach to cross-domain object detection. At the coarse-grained stage, foreground regions are extracted by adopting the attention mechanism, and aligned according to their marginal distributions. At the fine-grained stage, we conduct conditional distribution alignment of foregrounds by minimizing the distance of global prototypes with the same category but from different domains.
  arXiv  Detail & Related papers  (2020-03-23T13:40:06Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.