AutoAugment Input Transformation for Highly Transferable Targeted Attacks
Deep Neural Networks (DNNs) are widely acknowledged to be susceptible to adversarial examples, wherein imperceptible perturbations are added to clean examples through diverse input transformation attacks. However, these methods originally designed for non-targeted attacks exhibit low success rates i...
Gespeichert in:
Hauptverfasser: | , , |
---|---|
Format: | Artikel |
Sprache: | eng |
Schlagworte: | |
Online-Zugang: | Volltext bestellen |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
container_end_page | |
---|---|
container_issue | |
container_start_page | |
container_title | |
container_volume | |
creator | Lu, Haobo Liu, Xin He, Kun |
description | Deep Neural Networks (DNNs) are widely acknowledged to be susceptible to
adversarial examples, wherein imperceptible perturbations are added to clean
examples through diverse input transformation attacks. However, these methods
originally designed for non-targeted attacks exhibit low success rates in
targeted attacks. Recent targeted adversarial attacks mainly pay attention to
gradient optimization, attempting to find the suitable perturbation direction.
However, few of them are dedicated to input transformation.In this work, we
observe a positive correlation between the logit/probability of the target
class and diverse input transformation methods in targeted attacks. To this
end, we propose a novel targeted adversarial attack called AutoAugment Input
Transformation (AAIT). Instead of relying on hand-made strategies, AAIT
searches for the optimal transformation policy from a transformation space
comprising various operations. Then, AAIT crafts adversarial examples using the
found optimal transformation policy to boost the adversarial transferability in
targeted attacks. Extensive experiments conducted on CIFAR-10 and
ImageNet-Compatible datasets demonstrate that the proposed AAIT surpasses other
transfer-based targeted attacks significantly. |
doi_str_mv | 10.48550/arxiv.2312.14218 |
format | Article |
fullrecord | <record><control><sourceid>arxiv_GOX</sourceid><recordid>TN_cdi_arxiv_primary_2312_14218</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2312_14218</sourcerecordid><originalsourceid>FETCH-LOGICAL-a678-78df96e425f71bd774cc33e85eef7b2f055a99c0134b3375d4f56e096033c3263</originalsourceid><addsrcrecordid>eNotz8tKxDAYBeBsXMjoA7iavEBrkj-3LsugTmHATfclTf_UYi9Dmorz9uo4q3PgwIGPkCfOcmmVYs8ufg9fuQAuci4Ft_ekKre0lFs_4ZxoNZ-3ROvo5jUscXJpWGb62-hx6D_Gy23B6NoRae1ijwk7Wqbk_Of6QO6CG1d8vOWO1K8v9eGYnd7fqkN5ypw2NjO2C4VGKVQwvO2Mkd4DoFWIwbQiMKVcUXjGQbYARnUyKI2s0AzAg9CwI_v_26ulOcdhcvHS_Jmaqwl-AD4MRv0</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>AutoAugment Input Transformation for Highly Transferable Targeted Attacks</title><source>arXiv.org</source><creator>Lu, Haobo ; Liu, Xin ; He, Kun</creator><creatorcontrib>Lu, Haobo ; Liu, Xin ; He, Kun</creatorcontrib><description>Deep Neural Networks (DNNs) are widely acknowledged to be susceptible to
adversarial examples, wherein imperceptible perturbations are added to clean
examples through diverse input transformation attacks. However, these methods
originally designed for non-targeted attacks exhibit low success rates in
targeted attacks. Recent targeted adversarial attacks mainly pay attention to
gradient optimization, attempting to find the suitable perturbation direction.
However, few of them are dedicated to input transformation.In this work, we
observe a positive correlation between the logit/probability of the target
class and diverse input transformation methods in targeted attacks. To this
end, we propose a novel targeted adversarial attack called AutoAugment Input
Transformation (AAIT). Instead of relying on hand-made strategies, AAIT
searches for the optimal transformation policy from a transformation space
comprising various operations. Then, AAIT crafts adversarial examples using the
found optimal transformation policy to boost the adversarial transferability in
targeted attacks. Extensive experiments conducted on CIFAR-10 and
ImageNet-Compatible datasets demonstrate that the proposed AAIT surpasses other
transfer-based targeted attacks significantly.</description><identifier>DOI: 10.48550/arxiv.2312.14218</identifier><language>eng</language><subject>Computer Science - Computer Vision and Pattern Recognition</subject><creationdate>2023-12</creationdate><rights>http://arxiv.org/licenses/nonexclusive-distrib/1.0</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>228,230,780,885</link.rule.ids><linktorsrc>$$Uhttps://arxiv.org/abs/2312.14218$$EView_record_in_Cornell_University$$FView_record_in_$$GCornell_University$$Hfree_for_read</linktorsrc><backlink>$$Uhttps://doi.org/10.48550/arXiv.2312.14218$$DView paper in arXiv$$Hfree_for_read</backlink></links><search><creatorcontrib>Lu, Haobo</creatorcontrib><creatorcontrib>Liu, Xin</creatorcontrib><creatorcontrib>He, Kun</creatorcontrib><title>AutoAugment Input Transformation for Highly Transferable Targeted Attacks</title><description>Deep Neural Networks (DNNs) are widely acknowledged to be susceptible to
adversarial examples, wherein imperceptible perturbations are added to clean
examples through diverse input transformation attacks. However, these methods
originally designed for non-targeted attacks exhibit low success rates in
targeted attacks. Recent targeted adversarial attacks mainly pay attention to
gradient optimization, attempting to find the suitable perturbation direction.
However, few of them are dedicated to input transformation.In this work, we
observe a positive correlation between the logit/probability of the target
class and diverse input transformation methods in targeted attacks. To this
end, we propose a novel targeted adversarial attack called AutoAugment Input
Transformation (AAIT). Instead of relying on hand-made strategies, AAIT
searches for the optimal transformation policy from a transformation space
comprising various operations. Then, AAIT crafts adversarial examples using the
found optimal transformation policy to boost the adversarial transferability in
targeted attacks. Extensive experiments conducted on CIFAR-10 and
ImageNet-Compatible datasets demonstrate that the proposed AAIT surpasses other
transfer-based targeted attacks significantly.</description><subject>Computer Science - Computer Vision and Pattern Recognition</subject><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2023</creationdate><recordtype>article</recordtype><sourceid>GOX</sourceid><recordid>eNotz8tKxDAYBeBsXMjoA7iavEBrkj-3LsugTmHATfclTf_UYi9Dmorz9uo4q3PgwIGPkCfOcmmVYs8ufg9fuQAuci4Ft_ekKre0lFs_4ZxoNZ-3ROvo5jUscXJpWGb62-hx6D_Gy23B6NoRae1ijwk7Wqbk_Of6QO6CG1d8vOWO1K8v9eGYnd7fqkN5ypw2NjO2C4VGKVQwvO2Mkd4DoFWIwbQiMKVcUXjGQbYARnUyKI2s0AzAg9CwI_v_26ulOcdhcvHS_Jmaqwl-AD4MRv0</recordid><startdate>20231221</startdate><enddate>20231221</enddate><creator>Lu, Haobo</creator><creator>Liu, Xin</creator><creator>He, Kun</creator><scope>AKY</scope><scope>GOX</scope></search><sort><creationdate>20231221</creationdate><title>AutoAugment Input Transformation for Highly Transferable Targeted Attacks</title><author>Lu, Haobo ; Liu, Xin ; He, Kun</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-a678-78df96e425f71bd774cc33e85eef7b2f055a99c0134b3375d4f56e096033c3263</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2023</creationdate><topic>Computer Science - Computer Vision and Pattern Recognition</topic><toplevel>online_resources</toplevel><creatorcontrib>Lu, Haobo</creatorcontrib><creatorcontrib>Liu, Xin</creatorcontrib><creatorcontrib>He, Kun</creatorcontrib><collection>arXiv Computer Science</collection><collection>arXiv.org</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Lu, Haobo</au><au>Liu, Xin</au><au>He, Kun</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>AutoAugment Input Transformation for Highly Transferable Targeted Attacks</atitle><date>2023-12-21</date><risdate>2023</risdate><abstract>Deep Neural Networks (DNNs) are widely acknowledged to be susceptible to
adversarial examples, wherein imperceptible perturbations are added to clean
examples through diverse input transformation attacks. However, these methods
originally designed for non-targeted attacks exhibit low success rates in
targeted attacks. Recent targeted adversarial attacks mainly pay attention to
gradient optimization, attempting to find the suitable perturbation direction.
However, few of them are dedicated to input transformation.In this work, we
observe a positive correlation between the logit/probability of the target
class and diverse input transformation methods in targeted attacks. To this
end, we propose a novel targeted adversarial attack called AutoAugment Input
Transformation (AAIT). Instead of relying on hand-made strategies, AAIT
searches for the optimal transformation policy from a transformation space
comprising various operations. Then, AAIT crafts adversarial examples using the
found optimal transformation policy to boost the adversarial transferability in
targeted attacks. Extensive experiments conducted on CIFAR-10 and
ImageNet-Compatible datasets demonstrate that the proposed AAIT surpasses other
transfer-based targeted attacks significantly.</abstract><doi>10.48550/arxiv.2312.14218</doi><oa>free_for_read</oa></addata></record> |
fulltext | fulltext_linktorsrc |
identifier | DOI: 10.48550/arxiv.2312.14218 |
ispartof | |
issn | |
language | eng |
recordid | cdi_arxiv_primary_2312_14218 |
source | arXiv.org |
subjects | Computer Science - Computer Vision and Pattern Recognition |
title | AutoAugment Input Transformation for Highly Transferable Targeted Attacks |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-24T03%3A02%3A06IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-arxiv_GOX&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=AutoAugment%20Input%20Transformation%20for%20Highly%20Transferable%20Targeted%20Attacks&rft.au=Lu,%20Haobo&rft.date=2023-12-21&rft_id=info:doi/10.48550/arxiv.2312.14218&rft_dat=%3Carxiv_GOX%3E2312_14218%3C/arxiv_GOX%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |