Filters








3,680 Hits in 3.4 sec

Boosting Adversarial Attacks with Momentum

Yinpeng Dong, Fangzhou Liao, Tianyu Pang, Hang Su, Jun Zhu, Xiaolin Hu, Jianguo Li
2018 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition  
To address this issue, we propose a broad class of momentum-based iterative algorithms to boost adversarial attacks.  ...  With this method, we won the first places in NIPS 2017 Non-targeted Adversarial Attack and Targeted Adversarial Attack competitions. * Corresponding author.  ...  In this paper, we propose a broad class of momentum iterative gradient-based methods to boost the success rates of the generated adversarial examples.  ... 
doi:10.1109/cvpr.2018.00957 dblp:conf/cvpr/DongLPS0HL18 fatcat:yfkhgzjrdvccbnxnee5t4w2x4a

Boosting Adversarial Attacks with Momentum [article]

Yinpeng Dong, Fangzhou Liao, Tianyu Pang, Hang Su, Jun Zhu, Xiaolin Hu, Jianguo Li
2018 arXiv   pre-print
To address this issue, we propose a broad class of momentum-based iterative algorithms to boost adversarial attacks.  ...  With this method, we won the first places in NIPS 2017 Non-targeted Adversarial Attack and Targeted Adversarial Attack competitions.  ...  In this paper, we propose a broad class of momentum iterative gradient-based methods to boost the success rates of the generated adversarial examples.  ... 
arXiv:1710.06081v3 fatcat:fattufyr2zcdtep53ay3zt2lsu

Boosting Adversarial Transferability through Enhanced Momentum [article]

Xiaosen Wang, Jiadong Lin, Han Hu, Jingdong Wang, Kun He
2021 arXiv   pre-print
Many existing adversarial attack methods have achieved great white-box attack performance, but exhibit low transferability when attacking other models.  ...  We also attack several extra advanced defense models under the ensemble-model setting, and the enhancements are remarkable with at least 7.8% on average.  ...  To boost the transferability, several gradient-based adversarial attacks have been proposed. Dong et al. [5] propose to integrate momentum into iterative gradient-based attack. Lin et al.  ... 
arXiv:2103.10609v1 fatcat:rlw6unwe7fc5dbszdexukktoai

Improving Adversarial Transferability with Spatial Momentum [article]

Guoqiu Wang, Xingxing Wei, Huanqian Yan
2022 arXiv   pre-print
Although many adversarial attack methods achieve satisfactory attack success rates under the white-box setting, they usually show poor transferability when attacking other DNN models.  ...  Momentum-based attack (MI-FGSM) is one effective method to improve transferability.  ...  Momentum Iterative Fast Gradient Sign Method (MI-FGSM) (Dong et al. 2018) boosts the transferability of adversarial examples by integrating a momentum term into the iterative attack method to stabilize  ... 
arXiv:2203.13479v1 fatcat:w4ciyzm5cffp7ncvd53ace56xi

Boosting Black-Box Adversarial Attacks with Meta Learning [article]

Junjie Fu
2022 arXiv   pre-print
Furthermore, the MAPs enjoy favorable transferability and universality, in the sense that they can be employed to boost performance of other black-box adversarial attack methods.  ...  In this paper, we propose a hybrid attack method which trains meta adversarial perturbations (MAPs) on surrogate models and performs black-box attacks by estimating gradients of the models.  ...  Conclusions In this paper, we have proposed a new black-box attack method to utilize the meta adversarial perturbations (MAPs) for boosting black-box attack.  ... 
arXiv:2203.14607v1 fatcat:agtdfzkqwjf6doobphv5hkzdua

Sampling-based Fast Gradient Rescaling Method for Highly Transferable Adversarial Attacks [article]

Xu Han, Anmin Liu, Yifeng Xiong, Yanbo Fan, Kun He
2022 arXiv   pre-print
Our method can be used in any gradient-based optimizations and is extensible to be integrated with various input transformation or ensemble methods for further improving the adversarial transferability  ...  Extensive experiments on the standard ImageNet dataset show that our S-FGRM could significantly boost the transferability of gradient-based attacks and outperform the state-of-the-art baselines.  ...  Momentum Iterative Fast Gradient Sign Method (MI-FGSM) [2] introduce the momentum into I-FGSM to boost the adversarial attacks: g t+1 = µg t + ∇ x adv t J(x adv t , y) ||∇ x adv t J(x adv t , y)|| 1  ... 
arXiv:2204.02887v2 fatcat:xsihpr773zgtnk5uqkojrwxydm

Boosting the Transferability of Video Adversarial Examples via Temporal Translation

Zhipeng Wei, Jingjing Chen, Zuxuan Wu, Yu-Gang Jiang
2022 PROCEEDINGS OF THE THIRTIETH AAAI CONFERENCE ON ARTIFICIAL INTELLIGENCE AND THE TWENTY-EIGHTH INNOVATIVE APPLICATIONS OF ARTIFICIAL INTELLIGENCE CONFERENCE  
To this end, we propose to boost the transferability of video adversarial examples for black-box attacks on video recognition models.  ...  Extensive experiments on the Kinetics-400 dataset and the UCF-101 dataset demonstrate that our method can significantly boost the transferability of video adversarial examples.  ...  Momentum Iterative attack (MI Attack) (Dong et al. 2018) integrates the momentum term into the iterative process for stabilizing update directions.  ... 
doi:10.1609/aaai.v36i3.20168 fatcat:ftde7fud2nbirktxgsazgmwveu

A Powerful Transferability Adversarial Examples Generation Method Based on Nesterov Momentum Optimization

Yunfang Chen, Department of Computer Science, Nanjing University of Posts and Telecommunications, China, Qiangchun Liu, Wei Zhang
2020 International Journal of Machine Learning and Computing  
Combined with the momentum and decay factor, the iterative gradient is optimized during the optimization process.  ...  Index Terms-Adversarial examples, attack success rate, powerful transferability, nesterov momentum optimization method.  ...  It is a very big boost for black-box attacks. TABLE II : II THE SUCCESS RATES(%) OF ADVERSARIAL ATTACKS TEST MODEL.  ... 
doi:10.18178/ijmlc.2020.10.3.953 fatcat:f7wic4da6jdw5kz3u3lz7dt4e4

Exploring Transferable and Robust Adversarial Perturbation Generation from the Perspective of Network Hierarchy [article]

Ruikui Wang, Yuanfang Guo, Ruijie Yang, Yunhong Wang
2021 arXiv   pre-print
The transferability and robustness of adversarial examples are two practical yet important properties for black-box adversarial attacks.  ...  the robustness and transferability of the adversarial perturbations.  ...  iterations T ; iterations of baseline attack phase t 1 ; momentum factor µ; the transformation probability p; Output: Final adversarial example X adv T 1: α = /t 1 ; X adv 0 = X 2: g m = 0;h * 0 = 0 3  ... 
arXiv:2108.07033v1 fatcat:d4okvsdl45gq5kp5wto3yvfaiq

Admix: Enhancing the Transferability of Adversarial Attacks [article]

Xiaosen Wang, Xuanran He, Jingdong Wang, Kun He
2021 arXiv   pre-print
Recently, various methods are proposed to boost the adversarial transferability, among which the input transformation is one of the most effective approaches.  ...  attacking nine advanced defense models under ensemble-model setting.  ...  Note that the ensemble-model attack, momentum based attack, and input transformation based attack could be integrated with each other to achieve higher transferability.  ... 
arXiv:2102.00436v3 fatcat:hhwolt3egbeojezfrnx374rbhy

Enhancing the Transferability via Feature-Momentum Adversarial Attack [article]

Xianglong and Yuezun Li and Haipeng Qu and Junyu Dong
2022 arXiv   pre-print
In this paper, we describe a new method called Feature-Momentum Adversarial Attack (FMAA) to further improve transferability.  ...  Transferable adversarial attack has drawn increasing attention due to their practical threaten to real-world applications.  ...  Algorithm 1 Feature Momentum Adversarial Attack Input: classifier F with parameters θ; input image x; perturbation budget ; maximum iteration number T ; featuremomentum weight λ.  ... 
arXiv:2204.10606v1 fatcat:c3wimzbe5zcilnwidrh65sljqi

A Hamiltonian Monte Carlo Method for Probabilistic Adversarial Attack and Learning [article]

Hongjun Wang, Guanbin Li, Xiaobai Liu, Liang Lin
2020 arXiv   pre-print
In this paper, we present an effective method, called Hamiltonian Monte Carlo with Accumulated Momentum (HMCAM), aiming to generate a sequence of adversarial examples.  ...  Most of the existing adversarial attack methods only create a single adversarial example for the input, which just gives a glimpse of the underlying data manifold of adversarial examples.  ...  [10] proposed to add the momentum term into iterative process to boost adversarial attacks, which won the first places in the NIPS 2017 Adversarial Attacks and Defenses Competition.  ... 
arXiv:2010.07849v1 fatcat:yeuv5nd4sreonmhehpxyent3n4

Boosting the Transferability of Video Adversarial Examples via Temporal Translation [article]

Zhipeng Wei, Jingjing Chen, Zuxuan Wu, Yu-Gang Jiang
2021 arXiv   pre-print
To this end, we propose to boost the transferability of video adversarial examples for black-box attacks on video recognition models.  ...  Extensive experiments on the Kinetics-400 dataset and the UCF-101 dataset demonstrate that our method can significantly boost the transferability of video adversarial examples.  ...  Momentum Iterative attack (MI Attack) terns.  ... 
arXiv:2110.09075v2 fatcat:tdg7tfnmdvf2bo32bbeqce2zzi

Defense-guided Transferable Adversarial Attacks [article]

Zifei Zhang, Kai Qiao, Jian Chen, Ningning Liang
2020 arXiv   pre-print
Explicitly, we decrease loss values with inputs' affline transformations as a defense in the minimum procedure, and then increase loss values with the momentum iterative algorithm as an attack in the maximum  ...  Experimentally, we show that our ASR of adversarial attack reaches to 58.38% on average, which outperforms the state-of-the-art method by 12.1% on the normally trained models and by 11.13% on the adversarially  ...  [22] extended momentumbased iterative attacks with momentum to boost adversarial examples' transferability (MIM), which is beneficial to escape from local maximum. Xie et al.  ... 
arXiv:2010.11535v2 fatcat:l7kgqysoararjpyngsqgx23ooi

Task-generalizable Adversarial Attack based on Perceptual Metric [article]

Muzammal Naseer, Salman H. Khan, Shafin Rahman, Fatih Porikli
2019 arXiv   pre-print
to attacker).  ...  Current attack algorithms that seek to enhance adversarial transferability work on the decision level i.e. generate perturbations that alter the network decisions.  ...  NRDM-DIM combines input diversity as well as momentum with NRDM. ' * ' indicates the white-box attacks.  ... 
arXiv:1811.09020v3 fatcat:2ev3legbhrgkxkigc2kcfctg6q
« Previous Showing results 1 — 15 out of 3,680 results