Toward Understanding and Boosting Adversarial Transferability From a Distribution Perspective
文献类型:期刊论文
| 作者 | Zhu, Yao8; Chen, Yuefeng7; Li, Xiaodan7; Chen, Kejiang6; He, Yuan7; Tian, Xiang5,8; Zheng, Bolun4; Chen, Yaowu3,8; Huang, Qingming1,2 |
| 刊名 | IEEE TRANSACTIONS ON IMAGE PROCESSING
 |
| 出版日期 | 2022 |
| 卷号 | 31页码:6487-6501 |
| ISSN号 | 1057-7149 |
| 关键词 | Data models Perturbation methods Iterative methods Training Distributed databases Predictive models Neural networks Adversarial transferability adversarial attack black-box attack |
| DOI | 10.1109/TIP.2022.3211736 |
| 英文摘要 | Transferable adversarial attacks against Deep neural networks (DNNs) have received broad attention in recent years. An adversarial example can be crafted by a surrogate model and then attack the unknown target model successfully, which brings a severe threat to DNNs. The exact underlying reasons for the transferability are still not completely understood. Previous work mostly explores the causes from the model perspective, e.g., decision boundary, model architecture, and model capacity. Here, we investigate the transferability from the data distribution perspective and hypothesize that pushing the image away from its original distribution can enhance the adversarial transferability. To be specific, moving the image out of its original distribution makes different models hardly classify the image correctly, which benefits the untargeted attack, and dragging the image into the target distribution misleads the models to classify the image as the target class, which benefits the targeted attack. Towards this end, we propose a novel method that crafts adversarial examples by manipulating the distribution of the image. We conduct comprehensive transferable attacks against multiple DNNs to demonstrate the effectiveness of the proposed method. Our method can significantly improve the transferability of the crafted attacks and achieves state-of-the-art performance in both untargeted and targeted scenarios, surpassing the previous best method by up to 40% in some cases. In summary, our work provides new insight into studying adversarial transferability and provides a strong counterpart for future research on adversarial defense. |
| 资助项目 | Fundamental Research Funds for the Central Universities ; Alibaba Group through Alibaba Research Intern Program ; Natural Science Foundation of China[62102386] |
| WOS研究方向 | Computer Science ; Engineering |
| 语种 | 英语 |
| 出版者 | IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC |
| WOS记录号 | WOS:000871032400005 |
| 源URL | [http://119.78.100.204/handle/2XEOYT63/19762]  |
| 专题 | 中国科学院计算技术研究所期刊论文 |
| 通讯作者 | Tian, Xiang; Zheng, Bolun |
| 作者单位 | 1.Chinese Acad Sci, Key Lab Intelligent Informat Proc, Beijing 100045, Peoples R China 2.Univ Chinese Acad Sci, Sch Comp Sci & Technol, Beijing 101408, Peoples R China 3.Zhejiang Univ, Embedded Syst Engn Res Ctr, Minist Educ China, Hangzhou 310027, Peoples R China 4.Hangzhou Dianzi Univ, Sch Automat, Hangzhou 310018, Peoples R China 5.Zhejiang Prov Key Lab Network Multimedia Technol, Hangzhou 310027, Peoples R China 6.Univ Sci & Technol China, CAS Key Lab Electromagnet Space Informat, Hefei 230052, Peoples R China 7.Secur Dept Alibaba Grp, Hangzhou 311121, Peoples R China 8.Zhejiang Univ, Coll Biomed Engn & Instrument Sci, Hangzhou 310027, Peoples R China |
| 推荐引用方式 GB/T 7714 | Zhu, Yao,Chen, Yuefeng,Li, Xiaodan,et al. Toward Understanding and Boosting Adversarial Transferability From a Distribution Perspective[J]. IEEE TRANSACTIONS ON IMAGE PROCESSING,2022,31:6487-6501. |
| APA | Zhu, Yao.,Chen, Yuefeng.,Li, Xiaodan.,Chen, Kejiang.,He, Yuan.,...&Huang, Qingming.(2022).Toward Understanding and Boosting Adversarial Transferability From a Distribution Perspective.IEEE TRANSACTIONS ON IMAGE PROCESSING,31,6487-6501. |
| MLA | Zhu, Yao,et al."Toward Understanding and Boosting Adversarial Transferability From a Distribution Perspective".IEEE TRANSACTIONS ON IMAGE PROCESSING 31(2022):6487-6501. |
入库方式: OAI收割
来源:计算技术研究所
浏览0
下载0
收藏0
其他版本
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。