
Towards Transferable Adversarial Attacks with Centralized Perturbation (2312.06199v2)

Published 11 Dec 2023 in cs.CV, cs.CR, and cs.LG

Abstract: Adversarial transferability enables black-box attacks on unknown victim deep neural networks (DNNs), rendering attacks viable in real-world scenarios. Current transferable attacks create adversarial perturbation over the entire image, resulting in excessive noise that overfits the source model. Concentrating perturbation on dominant image regions that are model-agnostic is crucial to improving adversarial efficacy. However, limiting perturbation to local regions in the spatial domain proves inadequate in augmenting transferability. To this end, we propose a transferable adversarial attack with fine-grained perturbation optimization in the frequency domain, creating centralized perturbation. We devise a systematic pipeline to dynamically constrain perturbation optimization to dominant frequency coefficients. The constraint is optimized in parallel at each iteration, ensuring the directional alignment of perturbation optimization with model prediction. Our approach allows us to centralize perturbation towards sample-specific important frequency features, which are shared by DNNs, effectively mitigating source model overfitting. Experiments demonstrate that by dynamically centralizing perturbation on dominating frequency coefficients, crafted adversarial examples exhibit stronger transferability and bypass various defenses.
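The pipeline the abstract describes, reduced to a toy so the mechanics are visible: the perturbation lives in the DCT domain and, at every iteration, only the current adversarial image's k largest-magnitude coefficients (the sample-specific dominant ones, recomputed each step) receive a signed-gradient update. This is an added illustration written for this page, not the authors' code: the two-hidden-unit tanh surrogate, the constructed 8x8 image, the value of k, the step size and the per-coefficient budget are all assumptions, and the pixel-space L_inf budget and [0,1] clipping a real attack would apply are replaced by a clip on each DCT coefficient so that the perturbation provably stays on the selected coefficients.

```python
"""Toy 'centralized' adversarial perturbation: optimise in the DCT domain and,
at each iteration, update only the current image's k largest-magnitude
coefficients.  Added example, not the paper's code: model, image, budget and
step rule are all assumptions."""
import math
import random

N = 8        # image side; the naive DCT below is O(N^4), fine for a toy
K = 6        # assumed: dominant coefficients kept per iteration
STEP = 0.02  # assumed: per-coefficient signed-gradient step
EPS_C = 0.1  # assumed: per-coefficient budget (L_inf in the DCT domain)
ITERS = 10   # assumed: attack iterations

def _alpha(u):
    return math.sqrt(1.0 / N) if u == 0 else math.sqrt(2.0 / N)

# BASIS[u][x] = alpha(u) cos((2x+1) u pi / 2N): rows of the orthonormal DCT-II matrix
BASIS = [[_alpha(u) * math.cos((2 * x + 1) * u * math.pi / (2 * N))
          for x in range(N)] for u in range(N)]

def dct2(img):
    """Orthonormal 2-D DCT-II of an N x N list of lists."""
    return [[sum(BASIS[u][x] * BASIS[v][y] * img[x][y] for x in range(N) for y in range(N))
             for v in range(N)] for u in range(N)]

def idct2(coef):
    """Inverse of dct2; exact up to float error because BASIS is orthonormal."""
    return [[sum(BASIS[u][x] * BASIS[v][y] * coef[u][v] for u in range(N) for v in range(N))
             for y in range(N)] for x in range(N)]

class ToySurrogate:
    """Two-hidden-unit tanh network standing in for the white-box source model."""

    def __init__(self, seed=0, hidden=2):
        rng = random.Random(seed)
        self.w = [[[rng.uniform(-0.2, 0.2) for _ in range(N)] for _ in range(N)] for _ in range(hidden)]
        self.b = [rng.uniform(-0.5, 0.5) for _ in range(hidden)]
        self.v = [rng.uniform(-1.0, 1.0) for _ in range(hidden)]

    def _pre(self, h, img):
        return sum(self.w[h][x][y] * img[x][y] for x in range(N) for y in range(N)) + self.b[h]

    def score(self, img):
        """Logit of the true class; the untargeted attack drives it down."""
        return sum(vh * math.tanh(self._pre(h, img)) for h, vh in enumerate(self.v))

    def grad(self, img):
        """Analytic d score / d img."""
        g = [[0.0] * N for _ in range(N)]
        for h, vh in enumerate(self.v):
            d = vh * (1.0 - math.tanh(self._pre(h, img)) ** 2)
            for x in range(N):
                for y in range(N):
                    g[x][y] += d * self.w[h][x][y]
        return g

def dominant_mask(coef, k):
    """Positions of the k largest-magnitude DCT coefficients (sample-specific)."""
    cells = sorted(((u, v) for u in range(N) for v in range(N)),
                   key=lambda uv: -abs(coef[uv[0]][uv[1]]))
    return set(cells[:k])

def centralized_attack(model, img, k=K, step=STEP, eps_c=EPS_C, iters=ITERS):
    """Signed-gradient attack confined to dominant DCT coefficients.  The mask is
    recomputed from the *current* adversarial image every iteration (the dynamic
    constraint).  Pixel-range clipping is omitted on purpose so the perturbation
    stays exactly on the selected coefficients.  Returns (adv, union_of_masks)."""
    delta_c = [[0.0] * N for _ in range(N)]   # perturbation, DCT domain
    adv, union = [row[:] for row in img], set()
    for _ in range(iters):
        mask = dominant_mask(dct2(adv), k)
        union |= mask
        g_c = dct2(model.grad(adv))   # x = idct2(C) is linear, so d score/dC = dct2(d score/dx)
        for (u, v) in mask:
            s = (g_c[u][v] > 0) - (g_c[u][v] < 0)   # sign of the coefficient gradient
            delta_c[u][v] = max(-eps_c, min(eps_c, delta_c[u][v] - step * s))
        d = idct2(delta_c)
        adv = [[img[x][y] + d[x][y] for y in range(N)] for x in range(N)]
    return adv, union

def energy_outside(img, adv, mask):
    """Energy of the perturbation's DCT coefficients that fall outside `mask`."""
    c = dct2([[adv[x][y] - img[x][y] for y in range(N)] for x in range(N)])
    return sum(c[u][v] ** 2 for u in range(N) for v in range(N) if (u, v) not in mask)

def sample_image():
    """Constructed smooth 8 x 8 image with values in [0, 1] (not real data)."""
    return [[0.5 + 0.4 * math.sin(math.pi * x / N) * math.cos(math.pi * y / N)
             for y in range(N)] for x in range(N)]

def run_demo():
    model, img = ToySurrogate(), sample_image()
    adv, union = centralized_attack(model, img)
    return {"before": model.score(img), "after": model.score(adv),
            "touched": len(union), "leak": energy_outside(img, adv, union)}

if __name__ == "__main__":
    print(run_demo())
```

Two things are worth reading off the result. `touched` is the number of distinct coefficients the attack ever modified, which stays a small fraction of the 64 available, and `leak` is the perturbation energy outside those coefficients, which is zero up to floating-point error: that is the centralization property. What the toy cannot show is the paper's actual claim, transferability to an unseen victim model; checking that requires a second, independently trained model and real images, and in a real attack the pixel-domain budget and clipping reintroduce some off-mask energy that the per-coefficient clip used here avoids.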
