Improving transferable adversarial attack via feature-momentum. Issue 128 (May 2023)
- Record Type:
- Journal Article
- Title:
- Improving transferable adversarial attack via feature-momentum. Issue 128 (May 2023)
- Main Title:
- Improving transferable adversarial attack via feature-momentum
- Authors:
- He, Xianglong
Li, Yuezun
Qu, Haipeng
Dong, Junyu
- Abstract:
- Transferable adversarial attack, using adversarial perturbations made on known models to attack unknown models, has made significant progress in recent years. The feature-level adversarial approach, in particular, is one of the most common solutions and can improve transferability by disrupting intermediate features, regardless of the task-specific loss objectives. Once the intermediate features are disrupted, the subsequent prediction will naturally go wrong. To accomplish this, the existing methods often start an attack by creating a guidance map on features that shows the importance level of each feature element, and then they use an iterative strategy to disrupt the features based on the guidance map. However, the drawback of existing methods is that the guidance map is always fixed in iterations, which cannot consistently reflect the importance of feature elements, limiting the performance of the attack consequently. In this paper, we describe a new method called Feature-Momentum Adversarial Attack (FMAA) to enhance transferability. The key idea is that we estimate a guidance map dynamically at each iteration using a momentum-style approach to effectively disturb the features. Extensive experiments demonstrate that our method significantly outperforms other state-of-the-art methods by a large margin on different target models.
- Is Part Of:
- Computers & security. Issue 128(2023)
- Journal:
- Computers & security
- Issue:
- Issue 128(2023)
- Issue Display:
- Volume 128, Issue 128 (2023)
- Year:
- 2023
- Volume:
- 128
- Issue:
- 128
- Issue Sort Value:
- 2023-0128-0128-0000
- Page Start:
- Page End:
- Publication Date:
- 2023-05
- Subjects:
- DNN Security -- Transferable adversarial attack -- Feature-level attack -- DNN robustness -- Image classification
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2023.103135
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 26828.xml