Enhancing Visual Adversarial Transferability Via Affine Transformation of Intermediate-Level Perturbations
7 Pages. Posted: 12 Sep 2024
Abstract
The transferability of adversarial examples across deep neural networks (DNNs) provides an effective method for black-box attacks and poses a severe threat to the applications of DNNs. Recent studies show that making the intermediate-level perturbation (the difference between the intermediate representations of adversarial examples and their corresponding benign examples) less adversarial, e.g., by reducing its magnitude, will improve the alignment of input gradients across substitute and victim models, thereby enhancing the transferability of adversarial examples. In this paper, we introduce an intermediate-level perturbation degradation framework that applies an affine transformation to the intermediate-level perturbation, enabling various degradation methods and thus improving the input gradient alignment. Experimental results show that our method outperforms existing state-of-the-art methods on CIFAR-10 and ImageNet when attacking various victim models. Moreover, it can be combined with existing methods to achieve further improvements. Our code will be made publicly available.
Keywords: Deep neural networks, adversarial examples, transferability, generalization ability