Generating Adversarial Examples with Controllable Non-transferability

07/02/2020
by Renzhi Wang, et al.

Adversarial attacks against Deep Neural Networks have been widely studied. One significant feature that makes such attacks particularly powerful is transferability: adversarial examples generated from one model can also be effective against other, similar models. A large body of work has sought to increase transferability. However, how to decrease transferability and craft malicious samples that only affect specific target models has not yet been explored. In this paper, we design novel attack methodologies to generate adversarial examples with controllable non-transferability. With these methods, an adversary can efficiently produce precise adversarial examples that attack a chosen set of target models while remaining benign to other models. The first method is Reversed Loss Function Ensemble, where the adversary crafts qualified examples from the gradients of a reversed loss function. This approach is effective in the white-box and gray-box settings. The second method is Transferability Classification: the adversary trains a transferability-aware classifier from the perturbations of adversarial examples, and this classifier then guides the generation of non-transferable adversarial examples. This approach can be applied to the black-box scenario. Evaluation results demonstrate the effectiveness and efficiency of our proposed methods. This work opens up a new route for generating adversarial examples with new features and applications.
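The abstract does not spell out the formulation, but the Reversed Loss Function Ensemble idea can be pictured as a PGD-style update that increases the classification loss on the models the adversary wants to fool while decreasing it (the "reversed" term) on the models that should remain unaffected. The following is a minimal PyTorch sketch of that intuition; the function name, the weighting factor alpha, the step sizes, and the L-infinity projection are illustrative assumptions, not the paper's actual settings.

import torch
import torch.nn.functional as F

def non_transferable_pgd(x, y, target_models, protected_models,
                         eps=8 / 255, step=2 / 255, iters=20, alpha=1.0):
    """Sketch only: raise the loss on the models to be attacked while
    lowering it on the models that should keep classifying x correctly."""
    x_adv = x.clone().detach()
    for _ in range(iters):
        x_adv.requires_grad_(True)
        # Loss term for the models the adversary wants to fool (ascend) ...
        attack_loss = sum(F.cross_entropy(m(x_adv), y) for m in target_models)
        # ... minus a "reversed" term for the models that must stay benign.
        keep_loss = sum(F.cross_entropy(m(x_adv), y) for m in protected_models)
        loss = attack_loss - alpha * keep_loss
        grad = torch.autograd.grad(loss, x_adv)[0]
        with torch.no_grad():
            x_adv = x_adv + step * grad.sign()         # gradient-ascent step
            x_adv = x + (x_adv - x).clamp(-eps, eps)   # project into the L_inf ball
            x_adv = x_adv.clamp(0.0, 1.0)              # keep a valid image
        x_adv = x_adv.detach()
    return x_adv

This sketch assumes gradient access to both model sets, which matches the white-box and gray-box settings; in the black-box scenario described in the abstract, the gradient term for the protected models would instead be replaced by guidance from the transferability-aware classifier trained on adversarial perturbations.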
