Improving the Transferability of Adversarial Examples With a Noise Data Enhancement Framework and Random Erasing

Pengfei Xie, Shuhao Shi, Shuai Yang, Kai Qiao, Ningning Liang, Linyuan Wang, Jian Chen, Guoen Hu, Bin Yan
2021 Frontiers in Neurorobotics  
Deep neural networks (DNNs) are proven vulnerable to attack against adversarial examples. Black-box transfer attacks pose a massive threat to AI applications without accessing target models.  ...  At present, the most effective black-box attack methods mainly adopt data enhancement methods, such as input transformation.  ...  Liu et al. (2017) propose a model-ensemble attack method that can effectively attack robust black-box models for adversarial training.  ... 
doi:10.3389/fnbot.2021.784053 pmid:34955802 pmcid:PMC8696674 fatcat:ciyvebrbyrazxkgnnv27d57vfa

Towards Transferable Adversarial Attacks on Vision Transformers [article]

Zhipeng Wei, Jingjing Chen, Micah Goldblum, Zuxuan Wu, Tom Goldstein, Yu-Gang Jiang
2022 arXiv   pre-print
In this paper, we posit that adversarial attacks on transformers should be specially tailored for their architecture, jointly considering both patches and self-attention, in order to achieve high transferability  ...  We show that skipping the gradients of attention during backpropagation can generate adversarial examples with high transferability.  ...  Transfer-based attacks generate adversarial examples on white-box models with the intent that the attacked samples will also be effective against black-box models.  ... 
arXiv:2109.04176v3 fatcat:pme722wdh5f2tk77dj2qf54ktq

Evading Defenses to Transferable Adversarial Examples by Translation-Invariant Attacks [article]

Yinpeng Dong, Tianyu Pang, Hang Su, Jun Zhu
2019 arXiv   pre-print
An intriguing property of adversarial examples is their good transferability, making black-box attacks feasible in real-world applications.  ...  In this paper, we propose a translation-invariant attack method to generate more transferable adversarial examples against the defense models.  ...  We resort to transferable adversarial examples which are generated for a different white-box classifier but have high transferability for black-box attacks.  ... 
arXiv:1904.02884v1 fatcat:nmzv44su5zcvvcxspnmvsrg7ta

Nesterov Accelerated Gradient and Scale Invariance for Adversarial Attacks [article]

Jiadong Lin, Chuanbiao Song, Kun He, Liwei Wang, John E. Hopcroft
2020 arXiv   pre-print
However, under the black-box setting, most existing adversaries often have a poor transferability to attack other defense models.  ...  as to avoid "overfitting" on the white-box model being attacked and generate more transferable adversarial examples.  ...  ACKNOWLEDGMENTS This work is supported by the Fundamental Research Funds for the Central Universities (2019kfyXKJC021).  ... 
arXiv:1908.06281v5 fatcat:u4ctoglpkzhv3gmtplqsu7cw4u

Exploring Transferable and Robust Adversarial Perturbation Generation from the Perspective of Network Hierarchy [article]

Ruikui Wang, Yuanfang Guo, Ruijie Yang, Yunhong Wang
2021 arXiv   pre-print
The transferability and robustness of adversarial examples are two practical yet important properties for black-box adversarial attacks.  ...  Specifically, we propose the dynamically guided mechanism to continuously calculate accurate directional guidances for perturbation generation in the intermediate stage.  ...  In general, the adversarial perturbation generation (i.e., adversarial attack) methods can be classified into two categories: white-box attacks and black-box attacks.  ... 
arXiv:2108.07033v1 fatcat:d4okvsdl45gq5kp5wto3yvfaiq

Improving the Robustness of Adversarial Attacks Using an Affine-Invariant Gradient Estimator [article]

Wenzhao Xiang, Hang Su, Chang Liu, Yandong Guo, Shibao Zheng
2022 arXiv   pre-print
To help DNNs learn to defend themselves more thoroughly against attacks, we propose an affine-invariant adversarial attack, which can consistently produce more robust adversarial examples over affine transformations  ...  For practical purposes, maintaining that malicious functionality serves as an important measure of the robustness of adversarial attacks.  ...  Discussion From a traditional perspective, affine invariance and black-box transferability of adversarial examples are two completely unrelated concepts.  ... 
arXiv:2109.05820v2 fatcat:krirn3o7wfg7zmw5hxlf4uhbqe

Sampling-based Fast Gradient Rescaling Method for Highly Transferable Adversarial Attacks [article]

Xu Han, Anmin Liu, Yifeng Xiong, Yanbo Fan, Kun He
2022 arXiv   pre-print
After achieving impressive attack success rates in the white-box setting, more focus is shifted to black-box attacks.  ...  Deviation between the original gradient and the generated noises may lead to inaccurate gradient update estimation and suboptimal solutions for adversarial transferability, which is crucial for black-box  ...  for real-world black-box attacks [33, 22].  ... 
arXiv:2204.02887v2 fatcat:xsihpr773zgtnk5uqkojrwxydm

Improving Adversarial Transferability via Neuron Attribution-Based Attacks [article]

Jianping Zhang, Weibin Wu, Jen-tse Huang, Yizhan Huang, Wenxuan Wang, Yuxin Su, Michael R. Lyu
2022 arXiv   pre-print
Deep neural networks (DNNs) are known to be vulnerable to adversarial examples.  ...  To efficiently tackle the black-box setting where the target model's particulars are unknown, feature-level transfer-based attacks propose to contaminate the intermediate feature outputs of local models  ...  black-box adversarial attacks.  ... 
arXiv:2204.00008v1 fatcat:6x7inpacbzd5zkzuyrcqo5haam

Enhance Domain-Invariant Transferability of Adversarial Examples via Distance Metric Attack

Jin Zhang, Wenyu Peng, Ruxin Wang, Yu Lin, Wei Zhou, Ge Lan
2022 Mathematics  
., black-box attack) is the attack transferability of adversarial examples across different models.  ...  With the help of a simple loss, DMA can effectively enhance the domain-invariant transferability (for both the task-specific case and the cross-task case) of the adversarial examples.  ...  The transferability of the adversarial example motivates the black-box attacks.  ... 
doi:10.3390/math10081249 fatcat:5k56zxyhtre4fbhzhdqro3gmnu

Person Re-identification Method Based on Color Attack and Joint Defence [article]

Yunpeng Gong, Liqing Huang, Lifei Chen
2022 arXiv   pre-print
Based on this observation, we first propose a local transformation attack (LTA) based on color variation.  ...  Passive defense exploits the invariance of contour feature during image scaling to mitigate the adversarial disturbance on contour feature.  ...  For the same attack, the success rate of white-box attack is higher than black-box attacks. There are some metric attack methods proposed in ReID.  ... 
arXiv:2111.09571v4 fatcat:ur5yo26mdnfjlctcss4mvkact4

Feature Importance-aware Transferable Adversarial Attacks [article]

Zhibo Wang, Hengchang Guo, Zhifei Zhang, Wenxin Liu, Zhan Qin, Kui Ren
2022 arXiv   pre-print
Transferability of adversarial examples is of central importance for attacking an unknown model, which facilitates adversarial attacks in more practical scenarios, e.g., black-box attacks.  ...  Finally, the feature importance guides to search for adversarial examples towards disrupting critical features, achieving stronger transferability.  ...  National Natural Science of China (Grants No. 62122066, U20A20182, 61872274, U20A20178, 62032021, and 62072395), National Key R&D Program of China (Grant No. 2020AAA0107705), the Fundamental Research Funds for  ... 
arXiv:2107.14185v3 fatcat:ztj5fftupbgb3kn5unkordl544

Novel Exploit Feature-Map-Based Detection of Adversarial Attacks

Ali Saeed Almuflih, Dhairya Vyas, Viral V. Kapdia, Mohamed Rafik Noor Mohamed Qureshi, Karishma Mohamed Rafik Qureshi, Elaf Abdullah Makkawi
2022 Applied Sciences  
When checked with different networks like VGGNet19 and ResNet50, in both white-box and black-box attack situations, the unique exploit feature-map significantly improves the state-of-the-art in adversarial  ...  As a result, adversarial assaults against image categorization systems may present obstacles and possibilities for studying convolutional neural networks (CNNs).  ...  for their constant inspiration and encouragement.  ... 
doi:10.3390/app12105161 doaj:624af8e8ee804817970eb818b72f63ee fatcat:fe3ixndmizgnldrycv6tbaidve

Frequency Domain Model Augmentation for Adversarial Attack [article]

Yuyang Long, Qilong Zhang, Boheng Zeng, Lianli Gao, Xianglong Liu, Jian Zhang, Jingkuan Song
2022 arXiv   pre-print
For black-box attacks, the gap between the substitute model and the victim model is usually large, which manifests as a weak attack performance.  ...  To tackle this issue, we propose a novel spectrum simulation attack to craft more transferable adversarial examples against both normally trained and defense models.  ...  Typically, an adversary crafts adversarial examples via a substitute model (a.k.a. white-box model), and then transfers them to a victim model (a.k.a. black-box model) for attacking.  ... 
arXiv:2207.05382v1 fatcat:5vh4wrj5rze45dvq424b7gq4re

The art of defense: letting networks fool the attacker [article]

Jinlai Zhang, Yinpeng Dong, Binbin Liu, Bo Ouyang, Jihong Zhu, Minchi Kuang, Houqing Wang, Yanmei Meng
2022 arXiv   pre-print
Based on this nature, we design invariant transformations defense (IT-Defense).  ...  We show that, even after accounting for obfuscated gradients, our IT-Defense is a resilient defense against state-of-the-art (SOTA) 3D attacks.  ...  Which can be summarized as white-box attacks and black-box attacks [10]. Most attacks in white-box setting are based on the input gradient.  ... 
arXiv:2104.02963v3 fatcat:fyn25cz2yzgijel2k2tgknmetu

Push Stricter to Decide Better: A Class-Conditional Feature Adaptive Framework for Improving Adversarial Robustness [article]

Jia-Li Yin, Lehui Xie, Wanqing Zhu, Ximeng Liu, Bo-Hao Chen
2021 arXiv   pre-print
In response to the threat of adversarial examples, adversarial training provides an attractive option for enhancing the model robustness by training models on online-augmented adversarial examples.  ...  Specifically, we propose to incorporate a class-conditional discriminator to encourage the features become (1) class-discriminative and (2) invariant to the change of adversarial attacks.  ...  Black-box transfer attacks.  ... 
arXiv:2112.00323v1 fatcat:qf4vdsli6jbadhruy2kan7nfau