Enhancing adversarial transferability with local transformation
Abstract Robust deep learning models have demonstrated significant applicability in real-world scenarios. The utilization of adversarial attacks plays a crucial role in assessing the robustness of these models. Among such attacks, transfer-based attacks, which leverage white-box models to generate a...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Springer
2024-11-01
|
| Series: | Complex & Intelligent Systems |
| Subjects: | |
| Online Access: | https://doi.org/10.1007/s40747-024-01628-4 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832571142681919488 |
|---|---|
| author | Yang Zhang Jinbang Hong Qing Bai Haifeng Liang Peican Zhu Qun Song |
| author_facet | Yang Zhang Jinbang Hong Qing Bai Haifeng Liang Peican Zhu Qun Song |
| author_sort | Yang Zhang |
| collection | DOAJ |
| description | Abstract Robust deep learning models have demonstrated significant applicability in real-world scenarios. The utilization of adversarial attacks plays a crucial role in assessing the robustness of these models. Among such attacks, transfer-based attacks, which leverage white-box models to generate adversarial examples, have garnered considerable attention. These transfer-based attacks have demonstrated remarkable efficiency, particularly under the black-box setting. Notably, existing transfer attacks often exploit input transformations to amplify their effectiveness. However, prevailing input transformation-based methods typically modify input images indiscriminately, overlooking regional disparities. To bolster the transferability of adversarial examples, we propose the Local Transformation Attack (LTA) based on forward class activation maps. Specifically, we first obtain future examples through accumulated momentum and compute forward class activation maps. Subsequently, we utilize these maps to identify crucial areas and apply pixel scaling for transformation. Finally, we update the adversarial examples by using the average gradient of the transformed image. Extensive experiments convincingly demonstrate the effectiveness of our proposed LTA. Compared to the current state-of-the-art attack approaches, LTA achieves an increase of 7.9% in black-box attack performance. Particularly, in the case of ensemble attacks, our method achieved an average attack success rate of 98.3%. |
| format | Article |
| id | doaj-art-099cce3723d1447ca8dc35ff9df426bf |
| institution | Kabale University |
| issn | 2199-4536 2198-6053 |
| language | English |
| publishDate | 2024-11-01 |
| publisher | Springer |
| record_format | Article |
| series | Complex & Intelligent Systems |
| spelling | doaj-art-099cce3723d1447ca8dc35ff9df426bf2025-02-02T12:48:44ZengSpringerComplex & Intelligent Systems2199-45362198-60532024-11-0111111310.1007/s40747-024-01628-4Enhancing adversarial transferability with local transformationYang Zhang0Jinbang Hong1Qing Bai2Haifeng Liang3Peican Zhu4Qun Song5School of Optoelectronic Engineering, Xi’an Technological UniversitySchool of Computer Science, Northwestern Polytechnical University (NWPU)North Electroo-Optic CO. LTDSchool of Optoelectronic Engineering, Xi’an Technological UniversitySchool of Artificial Intelligence, Optics and Electronics (iOPEN), NWPUSchool of Automation, NWPUAbstract Robust deep learning models have demonstrated significant applicability in real-world scenarios. The utilization of adversarial attacks plays a crucial role in assessing the robustness of these models. Among such attacks, transfer-based attacks, which leverage white-box models to generate adversarial examples, have garnered considerable attention. These transfer-based attacks have demonstrated remarkable efficiency, particularly under the black-box setting. Notably, existing transfer attacks often exploit input transformations to amplify their effectiveness. However, prevailing input transformation-based methods typically modify input images indiscriminately, overlooking regional disparities. To bolster the transferability of adversarial examples, we propose the Local Transformation Attack (LTA) based on forward class activation maps. Specifically, we first obtain future examples through accumulated momentum and compute forward class activation maps. Subsequently, we utilize these maps to identify crucial areas and apply pixel scaling for transformation. Finally, we update the adversarial examples by using the average gradient of the transformed image. Extensive experiments convincingly demonstrate the effectiveness of our proposed LTA. Compared to the current state-of-the-art attack approaches, LTA achieves an increase of 7.9% in black-box attack performance. Particularly, in the case of ensemble attacks, our method achieved an average attack success rate of 98.3%.https://doi.org/10.1007/s40747-024-01628-4Deep neural networksAdversarial examplesTransferable attackAdversarial transferability |
| spellingShingle | Yang Zhang Jinbang Hong Qing Bai Haifeng Liang Peican Zhu Qun Song Enhancing adversarial transferability with local transformation Complex & Intelligent Systems Deep neural networks Adversarial examples Transferable attack Adversarial transferability |
| title | Enhancing adversarial transferability with local transformation |
| title_full | Enhancing adversarial transferability with local transformation |
| title_fullStr | Enhancing adversarial transferability with local transformation |
| title_full_unstemmed | Enhancing adversarial transferability with local transformation |
| title_short | Enhancing adversarial transferability with local transformation |
| title_sort | enhancing adversarial transferability with local transformation |
| topic | Deep neural networks Adversarial examples Transferable attack Adversarial transferability |
| url | https://doi.org/10.1007/s40747-024-01628-4 |
| work_keys_str_mv | AT yangzhang enhancingadversarialtransferabilitywithlocaltransformation AT jinbanghong enhancingadversarialtransferabilitywithlocaltransformation AT qingbai enhancingadversarialtransferabilitywithlocaltransformation AT haifengliang enhancingadversarialtransferabilitywithlocaltransformation AT peicanzhu enhancingadversarialtransferabilitywithlocaltransformation AT qunsong enhancingadversarialtransferabilitywithlocaltransformation |