DBA: An Efficient Approach to Boost Transfer-Based Adversarial Attack Performance Through Information Deletion

Zepeng Fan; Peican Zhu; Chao Gao; Jinbang Hong; Keke Tang

doi:10.1007/978-3-031-40286-9_23

DBA: An Efficient Approach to Boost Transfer-Based Adversarial Attack Performance Through Information Deletion

Zepeng Fan, Peican Zhu, Chao Gao, Jinbang Hong, Keke Tang

School of Artificial Intelligence, OPtics and Electronics

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

In practice, deep learning models are easy to be fooled by input images with subtle perturbations, and those images are called adversarial examples. Regarding one model, the crafted adversarial examples can successfully fool other models with varying architectures but the same task, which is referred to as adversarial transferability. Nevertheless, in practice, it is hard to get information about the model to be attacked, transfer-based adversarial attacks have developed rapidly. Later, different techniques are proposed to promote adversarial transferability. Different from existing input transformation attacks based on spatial transformation, our approach is a novel one on the basis of information deletion. By deleting squares of the input images by channels, we mitigate overfitting on the surrogate model of the adversarial examples and further enhance adversarial transferability. The corresponding performance of our method is superior to the existing input transformation attacks on different models (here, we consider unsecured models and defense ones), as demonstrated by extensive evaluations on ImageNet.

Original language	English
Title of host publication	Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings
Editors	Zhi Jin, Yuncheng Jiang, Wenjun Ma, Robert Andrei Buchmann, Ana-Maria Ghiran, Yaxin Bi
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	276-288
Number of pages	13
ISBN (Print)	9783031402852
DOIs	https://doi.org/10.1007/978-3-031-40286-9_23
State	Published - 2023
Event	Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings - Guangzhou, China Duration: 16 Aug 2023 → 18 Aug 2023

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	14118 LNAI
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings
Country/Territory	China
City	Guangzhou
Period	16/08/23 → 18/08/23

Keywords

Adversarial examples
Information deletion
Input transformation
Transfer-based adversarial attacks
Transferability

Access to Document

10.1007/978-3-031-40286-9_23

Cite this

Fan, Z., Zhu, P., Gao, C., Hong, J., & Tang, K. (2023). DBA: An Efficient Approach to Boost Transfer-Based Adversarial Attack Performance Through Information Deletion. In Z. Jin, Y. Jiang, W. Ma, R. A. Buchmann, A.-M. Ghiran, & Y. Bi (Eds.), Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings (pp. 276-288). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 14118 LNAI). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-40286-9_23

Fan, Zepeng ; Zhu, Peican ; Gao, Chao et al. / DBA : An Efficient Approach to Boost Transfer-Based Adversarial Attack Performance Through Information Deletion. Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings. editor / Zhi Jin ; Yuncheng Jiang ; Wenjun Ma ; Robert Andrei Buchmann ; Ana-Maria Ghiran ; Yaxin Bi. Springer Science and Business Media Deutschland GmbH, 2023. pp. 276-288 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{d3ddccb9efd24dff85d84615250a6e3b,

title = "DBA: An Efficient Approach to Boost Transfer-Based Adversarial Attack Performance Through Information Deletion",

abstract = "In practice, deep learning models are easy to be fooled by input images with subtle perturbations, and those images are called adversarial examples. Regarding one model, the crafted adversarial examples can successfully fool other models with varying architectures but the same task, which is referred to as adversarial transferability. Nevertheless, in practice, it is hard to get information about the model to be attacked, transfer-based adversarial attacks have developed rapidly. Later, different techniques are proposed to promote adversarial transferability. Different from existing input transformation attacks based on spatial transformation, our approach is a novel one on the basis of information deletion. By deleting squares of the input images by channels, we mitigate overfitting on the surrogate model of the adversarial examples and further enhance adversarial transferability. The corresponding performance of our method is superior to the existing input transformation attacks on different models (here, we consider unsecured models and defense ones), as demonstrated by extensive evaluations on ImageNet.",

keywords = "Adversarial examples, Information deletion, Input transformation, Transfer-based adversarial attacks, Transferability",

author = "Zepeng Fan and Peican Zhu and Chao Gao and Jinbang Hong and Keke Tang",

note = "Publisher Copyright: {\textcopyright} 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.; Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings ; Conference date: 16-08-2023 Through 18-08-2023",

year = "2023",

doi = "10.1007/978-3-031-40286-9_23",

language = "英语",

isbn = "9783031402852",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "276--288",

editor = "Zhi Jin and Yuncheng Jiang and Wenjun Ma and Buchmann, {Robert Andrei} and Ana-Maria Ghiran and Yaxin Bi",

booktitle = "Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings",

}

Fan, Z, Zhu, P , Gao, C, Hong, J & Tang, K 2023, DBA: An Efficient Approach to Boost Transfer-Based Adversarial Attack Performance Through Information Deletion. in Z Jin, Y Jiang, W Ma, RA Buchmann, A-M Ghiran & Y Bi (eds), Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 14118 LNAI, Springer Science and Business Media Deutschland GmbH, pp. 276-288, Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings, Guangzhou, China, 16/08/23. https://doi.org/10.1007/978-3-031-40286-9_23

DBA: An Efficient Approach to Boost Transfer-Based Adversarial Attack Performance Through Information Deletion. / Fan, Zepeng; Zhu, Peican ; Gao, Chao et al.
Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings. ed. / Zhi Jin; Yuncheng Jiang; Wenjun Ma; Robert Andrei Buchmann; Ana-Maria Ghiran; Yaxin Bi. Springer Science and Business Media Deutschland GmbH, 2023. p. 276-288 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 14118 LNAI).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - DBA

T2 - Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings

AU - Fan, Zepeng

AU - Zhu, Peican

AU - Gao, Chao

AU - Hong, Jinbang

AU - Tang, Keke

PY - 2023

Y1 - 2023

N2 - In practice, deep learning models are easy to be fooled by input images with subtle perturbations, and those images are called adversarial examples. Regarding one model, the crafted adversarial examples can successfully fool other models with varying architectures but the same task, which is referred to as adversarial transferability. Nevertheless, in practice, it is hard to get information about the model to be attacked, transfer-based adversarial attacks have developed rapidly. Later, different techniques are proposed to promote adversarial transferability. Different from existing input transformation attacks based on spatial transformation, our approach is a novel one on the basis of information deletion. By deleting squares of the input images by channels, we mitigate overfitting on the surrogate model of the adversarial examples and further enhance adversarial transferability. The corresponding performance of our method is superior to the existing input transformation attacks on different models (here, we consider unsecured models and defense ones), as demonstrated by extensive evaluations on ImageNet.

AB - In practice, deep learning models are easy to be fooled by input images with subtle perturbations, and those images are called adversarial examples. Regarding one model, the crafted adversarial examples can successfully fool other models with varying architectures but the same task, which is referred to as adversarial transferability. Nevertheless, in practice, it is hard to get information about the model to be attacked, transfer-based adversarial attacks have developed rapidly. Later, different techniques are proposed to promote adversarial transferability. Different from existing input transformation attacks based on spatial transformation, our approach is a novel one on the basis of information deletion. By deleting squares of the input images by channels, we mitigate overfitting on the surrogate model of the adversarial examples and further enhance adversarial transferability. The corresponding performance of our method is superior to the existing input transformation attacks on different models (here, we consider unsecured models and defense ones), as demonstrated by extensive evaluations on ImageNet.

KW - Adversarial examples

KW - Information deletion

KW - Input transformation

KW - Transfer-based adversarial attacks

KW - Transferability

UR - http://www.scopus.com/inward/record.url?scp=85172135808&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-40286-9_23

DO - 10.1007/978-3-031-40286-9_23

M3 - 会议稿件

AN - SCOPUS:85172135808

SN - 9783031402852

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 276

EP - 288

BT - Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings

A2 - Jin, Zhi

A2 - Jiang, Yuncheng

A2 - Ma, Wenjun

A2 - Buchmann, Robert Andrei

A2 - Ghiran, Ana-Maria

A2 - Bi, Yaxin

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 16 August 2023 through 18 August 2023

ER -

Fan Z, Zhu P , Gao C, Hong J, Tang K. DBA: An Efficient Approach to Boost Transfer-Based Adversarial Attack Performance Through Information Deletion. In Jin Z, Jiang Y, Ma W, Buchmann RA, Ghiran AM, Bi Y, editors, Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings. Springer Science and Business Media Deutschland GmbH. 2023. p. 276-288. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-40286-9_23