Stochastic Variance Reduced Ensemble Adversarial Attack for Boosting the Adversarial Transferability

11/21/2021
by Yifeng Xiong, et al.

Black-box adversarial attacks have attracted considerable attention for their practical use in deep learning security, yet they are very challenging because there is no access to the network architecture or internal weights of the target model. Ensemble-based adversarial attack methods rest on the hypothesis that an example which remains adversarial for multiple models is more likely to transfer its attack capability to other models, and they are efficient and widely used for black-box attacks. However, ways of building the ensemble attack have received little investigation, and existing ensemble attacks simply fuse the outputs of all the models evenly. In this work, we treat the iterative ensemble attack as a stochastic gradient descent optimization process, in which the variance of the gradients on different models may lead to poor local optima. To this end, we propose a novel attack method called the stochastic variance reduced ensemble (SVRE) attack, which can reduce the gradient variance of the ensemble models and take full advantage of the ensemble attack. Empirical results on the standard ImageNet dataset demonstrate that the proposed method can boost adversarial transferability and significantly outperforms existing ensemble attacks.
