DEFEAT: Decoupled feature attack across deep neural networks. (December 2022)
- Record Type:
- Journal Article
- Title:
- DEFEAT: Decoupled feature attack across deep neural networks. (December 2022)
- Main Title:
- DEFEAT: Decoupled feature attack across deep neural networks
- Authors:
- Huang, Lifeng
Gao, Chengying
Liu, Ning
- Abstract:
- Adversarial attacks pose a security challenge for deep neural networks, motivating researchers to build various defense methods. Consequently, the performance of black-box attacks turns down under defense scenarios. A significant observation is that some feature-level attacks achieve an excellent success rate to fool undefended models, while their transferability is severely degraded when encountering defenses, which give a false sense of security.
In this paper, we explain one possible reason caused this phenomenon is the domain-overfitting effect, which degrades the capabilities of feature perturbed images and makes them hardly fool adversarially trained defenses. To this end, we study a novel feature-level method, referred to as Decoupled Feature Attack (DEFEAT). Unlike the current attacks that use a round-robin procedure to estimate gradient estimation and update perturbation, DEFEAT decouples adversarial example generation from the optimization process. In the first stage, DEFEAT learns a distribution full of perturbations with high adversarial effects. And it then iteratively samples the noises from learned distribution to assemble adversarial examples. On top of that, we can apply transformations of existing methods into the DEFEAT framework to produce more robust perturbations. We also provide insights into the relationship between transferability and latent features that helps the community to understand the intrinsic mechanism of adversarial attacks. Extensive experiments evaluated on a variety of black-box models suggest the superiority of DEFEAT, i.e., our method fools defenses at an average success rate of 88.4%, remarkably outperforming state-of-the-art transferable attacks by a large margin of 11.5%. The code is publicly available at https://github.com/mesunhlf/DEFEAT.
- Is Part Of:
- Neural networks. Volume 156(2022)
- Journal:
- Neural networks
- Issue:
- Volume 156(2022)
- Issue Display:
- Volume 156, Issue 2022 (2022)
- Year:
- 2022
- Volume:
- 156
- Issue:
- 2022
- Issue Sort Value:
- 2022-0156-2022-0000
- Page Start:
- 13
- Page End:
- 28
- Publication Date:
- 2022-12
- Subjects:
- Adversarial example -- Transferability -- Black-box -- Feature-level attack -- Defenses
Neural computers -- Periodicals
Neural networks (Computer science) -- Periodicals
Neural networks (Neurobiology) -- Periodicals
Nervous System -- Periodicals
Ordinateurs neuronaux -- Périodiques
Réseaux neuronaux (Informatique) -- Périodiques
Réseaux neuronaux (Neurobiologie) -- Périodiques
Neural computers
Neural networks (Computer science)
Neural networks (Neurobiology)
Periodicals
006.32
- Journal URLs:
- http://www.sciencedirect.com/science/journal/08936080
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.neunet.2022.09.009
- Languages:
- English
- ISSNs:
- 0893-6080
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 6081.280800
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 24323.xml