AutoAugment Input Transformation for Highly Transferable Targeted Attacks

Deep Neural Networks (DNNs) are widely acknowledged to be susceptible to adversarial examples, wherein imperceptible perturbations are added to clean examples through diverse input transformation attacks. However, these methods originally designed for non-targeted attacks exhibit low success rates i...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Lu, Haobo, Liu, Xin, He, Kun
Format: Artikel
Sprache:eng
Schlagworte:
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page
container_issue
container_start_page
container_title
container_volume
creator Lu, Haobo
Liu, Xin
He, Kun
description Deep Neural Networks (DNNs) are widely acknowledged to be susceptible to adversarial examples, wherein imperceptible perturbations are added to clean examples through diverse input transformation attacks. However, these methods originally designed for non-targeted attacks exhibit low success rates in targeted attacks. Recent targeted adversarial attacks mainly pay attention to gradient optimization, attempting to find the suitable perturbation direction. However, few of them are dedicated to input transformation.In this work, we observe a positive correlation between the logit/probability of the target class and diverse input transformation methods in targeted attacks. To this end, we propose a novel targeted adversarial attack called AutoAugment Input Transformation (AAIT). Instead of relying on hand-made strategies, AAIT searches for the optimal transformation policy from a transformation space comprising various operations. Then, AAIT crafts adversarial examples using the found optimal transformation policy to boost the adversarial transferability in targeted attacks. Extensive experiments conducted on CIFAR-10 and ImageNet-Compatible datasets demonstrate that the proposed AAIT surpasses other transfer-based targeted attacks significantly.
doi_str_mv 10.48550/arxiv.2312.14218
format Article
fullrecord <record><control><sourceid>arxiv_GOX</sourceid><recordid>TN_cdi_arxiv_primary_2312_14218</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2312_14218</sourcerecordid><originalsourceid>FETCH-LOGICAL-a678-78df96e425f71bd774cc33e85eef7b2f055a99c0134b3375d4f56e096033c3263</originalsourceid><addsrcrecordid>eNotz8tKxDAYBeBsXMjoA7iavEBrkj-3LsugTmHATfclTf_UYi9Dmorz9uo4q3PgwIGPkCfOcmmVYs8ufg9fuQAuci4Ft_ekKre0lFs_4ZxoNZ-3ROvo5jUscXJpWGb62-hx6D_Gy23B6NoRae1ijwk7Wqbk_Of6QO6CG1d8vOWO1K8v9eGYnd7fqkN5ypw2NjO2C4VGKVQwvO2Mkd4DoFWIwbQiMKVcUXjGQbYARnUyKI2s0AzAg9CwI_v_26ulOcdhcvHS_Jmaqwl-AD4MRv0</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>AutoAugment Input Transformation for Highly Transferable Targeted Attacks</title><source>arXiv.org</source><creator>Lu, Haobo ; Liu, Xin ; He, Kun</creator><creatorcontrib>Lu, Haobo ; Liu, Xin ; He, Kun</creatorcontrib><description>Deep Neural Networks (DNNs) are widely acknowledged to be susceptible to adversarial examples, wherein imperceptible perturbations are added to clean examples through diverse input transformation attacks. However, these methods originally designed for non-targeted attacks exhibit low success rates in targeted attacks. Recent targeted adversarial attacks mainly pay attention to gradient optimization, attempting to find the suitable perturbation direction. However, few of them are dedicated to input transformation.In this work, we observe a positive correlation between the logit/probability of the target class and diverse input transformation methods in targeted attacks. To this end, we propose a novel targeted adversarial attack called AutoAugment Input Transformation (AAIT). Instead of relying on hand-made strategies, AAIT searches for the optimal transformation policy from a transformation space comprising various operations. Then, AAIT crafts adversarial examples using the found optimal transformation policy to boost the adversarial transferability in targeted attacks. Extensive experiments conducted on CIFAR-10 and ImageNet-Compatible datasets demonstrate that the proposed AAIT surpasses other transfer-based targeted attacks significantly.</description><identifier>DOI: 10.48550/arxiv.2312.14218</identifier><language>eng</language><subject>Computer Science - Computer Vision and Pattern Recognition</subject><creationdate>2023-12</creationdate><rights>http://arxiv.org/licenses/nonexclusive-distrib/1.0</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>228,230,780,885</link.rule.ids><linktorsrc>$$Uhttps://arxiv.org/abs/2312.14218$$EView_record_in_Cornell_University$$FView_record_in_$$GCornell_University$$Hfree_for_read</linktorsrc><backlink>$$Uhttps://doi.org/10.48550/arXiv.2312.14218$$DView paper in arXiv$$Hfree_for_read</backlink></links><search><creatorcontrib>Lu, Haobo</creatorcontrib><creatorcontrib>Liu, Xin</creatorcontrib><creatorcontrib>He, Kun</creatorcontrib><title>AutoAugment Input Transformation for Highly Transferable Targeted Attacks</title><description>Deep Neural Networks (DNNs) are widely acknowledged to be susceptible to adversarial examples, wherein imperceptible perturbations are added to clean examples through diverse input transformation attacks. However, these methods originally designed for non-targeted attacks exhibit low success rates in targeted attacks. Recent targeted adversarial attacks mainly pay attention to gradient optimization, attempting to find the suitable perturbation direction. However, few of them are dedicated to input transformation.In this work, we observe a positive correlation between the logit/probability of the target class and diverse input transformation methods in targeted attacks. To this end, we propose a novel targeted adversarial attack called AutoAugment Input Transformation (AAIT). Instead of relying on hand-made strategies, AAIT searches for the optimal transformation policy from a transformation space comprising various operations. Then, AAIT crafts adversarial examples using the found optimal transformation policy to boost the adversarial transferability in targeted attacks. Extensive experiments conducted on CIFAR-10 and ImageNet-Compatible datasets demonstrate that the proposed AAIT surpasses other transfer-based targeted attacks significantly.</description><subject>Computer Science - Computer Vision and Pattern Recognition</subject><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2023</creationdate><recordtype>article</recordtype><sourceid>GOX</sourceid><recordid>eNotz8tKxDAYBeBsXMjoA7iavEBrkj-3LsugTmHATfclTf_UYi9Dmorz9uo4q3PgwIGPkCfOcmmVYs8ufg9fuQAuci4Ft_ekKre0lFs_4ZxoNZ-3ROvo5jUscXJpWGb62-hx6D_Gy23B6NoRae1ijwk7Wqbk_Of6QO6CG1d8vOWO1K8v9eGYnd7fqkN5ypw2NjO2C4VGKVQwvO2Mkd4DoFWIwbQiMKVcUXjGQbYARnUyKI2s0AzAg9CwI_v_26ulOcdhcvHS_Jmaqwl-AD4MRv0</recordid><startdate>20231221</startdate><enddate>20231221</enddate><creator>Lu, Haobo</creator><creator>Liu, Xin</creator><creator>He, Kun</creator><scope>AKY</scope><scope>GOX</scope></search><sort><creationdate>20231221</creationdate><title>AutoAugment Input Transformation for Highly Transferable Targeted Attacks</title><author>Lu, Haobo ; Liu, Xin ; He, Kun</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-a678-78df96e425f71bd774cc33e85eef7b2f055a99c0134b3375d4f56e096033c3263</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2023</creationdate><topic>Computer Science - Computer Vision and Pattern Recognition</topic><toplevel>online_resources</toplevel><creatorcontrib>Lu, Haobo</creatorcontrib><creatorcontrib>Liu, Xin</creatorcontrib><creatorcontrib>He, Kun</creatorcontrib><collection>arXiv Computer Science</collection><collection>arXiv.org</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Lu, Haobo</au><au>Liu, Xin</au><au>He, Kun</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>AutoAugment Input Transformation for Highly Transferable Targeted Attacks</atitle><date>2023-12-21</date><risdate>2023</risdate><abstract>Deep Neural Networks (DNNs) are widely acknowledged to be susceptible to adversarial examples, wherein imperceptible perturbations are added to clean examples through diverse input transformation attacks. However, these methods originally designed for non-targeted attacks exhibit low success rates in targeted attacks. Recent targeted adversarial attacks mainly pay attention to gradient optimization, attempting to find the suitable perturbation direction. However, few of them are dedicated to input transformation.In this work, we observe a positive correlation between the logit/probability of the target class and diverse input transformation methods in targeted attacks. To this end, we propose a novel targeted adversarial attack called AutoAugment Input Transformation (AAIT). Instead of relying on hand-made strategies, AAIT searches for the optimal transformation policy from a transformation space comprising various operations. Then, AAIT crafts adversarial examples using the found optimal transformation policy to boost the adversarial transferability in targeted attacks. Extensive experiments conducted on CIFAR-10 and ImageNet-Compatible datasets demonstrate that the proposed AAIT surpasses other transfer-based targeted attacks significantly.</abstract><doi>10.48550/arxiv.2312.14218</doi><oa>free_for_read</oa></addata></record>
fulltext fulltext_linktorsrc
identifier DOI: 10.48550/arxiv.2312.14218
ispartof
issn
language eng
recordid cdi_arxiv_primary_2312_14218
source arXiv.org
subjects Computer Science - Computer Vision and Pattern Recognition
title AutoAugment Input Transformation for Highly Transferable Targeted Attacks
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-24T03%3A02%3A06IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-arxiv_GOX&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=AutoAugment%20Input%20Transformation%20for%20Highly%20Transferable%20Targeted%20Attacks&rft.au=Lu,%20Haobo&rft.date=2023-12-21&rft_id=info:doi/10.48550/arxiv.2312.14218&rft_dat=%3Carxiv_GOX%3E2312_14218%3C/arxiv_GOX%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true