GM-Attack: Improving the Transferability of Adversarial Attacks

Jinbang Hong; Keke Tang; Chao Gao; Songxin Wang; Sensen Guo; Peican Zhu

doi:10.1007/978-3-031-10989-8_39

GM-Attack: Improving the Transferability of Adversarial Attacks

Jinbang Hong, Keke Tang, Chao Gao, Songxin Wang, Sensen Guo, Peican Zhu

School of Artificial Intelligence, OPtics and Electronics

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

8 Scopus citations

Abstract

In the real world, blackbox attacks seem to be widely existed due to the lack of detailed information of models to be attacked. Hence, it is desirable to obtain adversarial examples with high transferability which will facilitate practical adversarial attacks. Instead of adopting traditional input transformation approaches, we propose a mechanism to derive masked images through removing some regions from the initial input images. In this manuscript, the removed regions are spatially uniformly distributed squares. For comparison, several transferable attack methods are adopted as the baselines. Eventually, extensive empirical evaluations are conducted on the standard ImageNet dataset to validate the effectiveness of GM-Attack. As indicated, our GM-Attack can craft more transferable adversarial examples compared with other input transformation methods and attack success rate on Inc-v4 has been improved by 6.5% over state-of-the-art methods.

Original language	English
Title of host publication	Knowledge Science, Engineering and Management - 15th International Conference, KSEM 2022, Proceedings
Editors	Gerard Memmi, Baijian Yang, Linghe Kong, Tianwei Zhang, Meikang Qiu
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	489-500
Number of pages	12
ISBN (Print)	9783031109881
DOIs	https://doi.org/10.1007/978-3-031-10989-8_39
State	Published - 2022
Event	15th International Conference on Knowledge Science, Engineering and Management, KSEM 2022 - Singapore, Singapore Duration: 6 Aug 2022 → 8 Aug 2022

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	13370 LNAI
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	15th International Conference on Knowledge Science, Engineering and Management, KSEM 2022
Country/Territory	Singapore
City	Singapore
Period	6/08/22 → 8/08/22

Keywords

Adversarial attack
Adversarial examples
Data augmentation
Deep neural networks
Transferability
White-box/black-box attack

Access to Document

10.1007/978-3-031-10989-8_39

Cite this

Hong, J., Tang, K., Gao, C., Wang, S., Guo, S., & Zhu, P. (2022). GM-Attack: Improving the Transferability of Adversarial Attacks. In G. Memmi, B. Yang, L. Kong, T. Zhang, & M. Qiu (Eds.), Knowledge Science, Engineering and Management - 15th International Conference, KSEM 2022, Proceedings (pp. 489-500). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13370 LNAI). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-10989-8_39

Hong, Jinbang ; Tang, Keke ; Gao, Chao et al. / GM-Attack : Improving the Transferability of Adversarial Attacks. Knowledge Science, Engineering and Management - 15th International Conference, KSEM 2022, Proceedings. editor / Gerard Memmi ; Baijian Yang ; Linghe Kong ; Tianwei Zhang ; Meikang Qiu. Springer Science and Business Media Deutschland GmbH, 2022. pp. 489-500 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{cd2aa95665204bbcb491d8bb2e341fd2,

title = "GM-Attack: Improving the Transferability of Adversarial Attacks",

abstract = "In the real world, blackbox attacks seem to be widely existed due to the lack of detailed information of models to be attacked. Hence, it is desirable to obtain adversarial examples with high transferability which will facilitate practical adversarial attacks. Instead of adopting traditional input transformation approaches, we propose a mechanism to derive masked images through removing some regions from the initial input images. In this manuscript, the removed regions are spatially uniformly distributed squares. For comparison, several transferable attack methods are adopted as the baselines. Eventually, extensive empirical evaluations are conducted on the standard ImageNet dataset to validate the effectiveness of GM-Attack. As indicated, our GM-Attack can craft more transferable adversarial examples compared with other input transformation methods and attack success rate on Inc-v4 has been improved by 6.5% over state-of-the-art methods.",

keywords = "Adversarial attack, Adversarial examples, Data augmentation, Deep neural networks, Transferability, White-box/black-box attack",

author = "Jinbang Hong and Keke Tang and Chao Gao and Songxin Wang and Sensen Guo and Peican Zhu",

note = "Publisher Copyright: {\textcopyright} 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.; 15th International Conference on Knowledge Science, Engineering and Management, KSEM 2022 ; Conference date: 06-08-2022 Through 08-08-2022",

year = "2022",

doi = "10.1007/978-3-031-10989-8_39",

language = "英语",

isbn = "9783031109881",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "489--500",

editor = "Gerard Memmi and Baijian Yang and Linghe Kong and Tianwei Zhang and Meikang Qiu",

booktitle = "Knowledge Science, Engineering and Management - 15th International Conference, KSEM 2022, Proceedings",

}

Hong, J, Tang, K, Gao, C, Wang, S, Guo, S & Zhu, P 2022, GM-Attack: Improving the Transferability of Adversarial Attacks. in G Memmi, B Yang, L Kong, T Zhang & M Qiu (eds), Knowledge Science, Engineering and Management - 15th International Conference, KSEM 2022, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13370 LNAI, Springer Science and Business Media Deutschland GmbH, pp. 489-500, 15th International Conference on Knowledge Science, Engineering and Management, KSEM 2022, Singapore, Singapore, 6/08/22. https://doi.org/10.1007/978-3-031-10989-8_39

GM-Attack: Improving the Transferability of Adversarial Attacks. / Hong, Jinbang; Tang, Keke; Gao, Chao et al.
Knowledge Science, Engineering and Management - 15th International Conference, KSEM 2022, Proceedings. ed. / Gerard Memmi; Baijian Yang; Linghe Kong; Tianwei Zhang; Meikang Qiu. Springer Science and Business Media Deutschland GmbH, 2022. p. 489-500 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13370 LNAI).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - GM-Attack

T2 - 15th International Conference on Knowledge Science, Engineering and Management, KSEM 2022

AU - Hong, Jinbang

AU - Tang, Keke

AU - Gao, Chao

AU - Wang, Songxin

AU - Guo, Sensen

AU - Zhu, Peican

PY - 2022

Y1 - 2022

N2 - In the real world, blackbox attacks seem to be widely existed due to the lack of detailed information of models to be attacked. Hence, it is desirable to obtain adversarial examples with high transferability which will facilitate practical adversarial attacks. Instead of adopting traditional input transformation approaches, we propose a mechanism to derive masked images through removing some regions from the initial input images. In this manuscript, the removed regions are spatially uniformly distributed squares. For comparison, several transferable attack methods are adopted as the baselines. Eventually, extensive empirical evaluations are conducted on the standard ImageNet dataset to validate the effectiveness of GM-Attack. As indicated, our GM-Attack can craft more transferable adversarial examples compared with other input transformation methods and attack success rate on Inc-v4 has been improved by 6.5% over state-of-the-art methods.

AB - In the real world, blackbox attacks seem to be widely existed due to the lack of detailed information of models to be attacked. Hence, it is desirable to obtain adversarial examples with high transferability which will facilitate practical adversarial attacks. Instead of adopting traditional input transformation approaches, we propose a mechanism to derive masked images through removing some regions from the initial input images. In this manuscript, the removed regions are spatially uniformly distributed squares. For comparison, several transferable attack methods are adopted as the baselines. Eventually, extensive empirical evaluations are conducted on the standard ImageNet dataset to validate the effectiveness of GM-Attack. As indicated, our GM-Attack can craft more transferable adversarial examples compared with other input transformation methods and attack success rate on Inc-v4 has been improved by 6.5% over state-of-the-art methods.

KW - Adversarial attack

KW - Adversarial examples

KW - Data augmentation

KW - Deep neural networks

KW - Transferability

KW - White-box/black-box attack

UR - http://www.scopus.com/inward/record.url?scp=85135042211&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-10989-8_39

DO - 10.1007/978-3-031-10989-8_39

M3 - 会议稿件

AN - SCOPUS:85135042211

SN - 9783031109881

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 489

EP - 500

BT - Knowledge Science, Engineering and Management - 15th International Conference, KSEM 2022, Proceedings

A2 - Memmi, Gerard

A2 - Yang, Baijian

A2 - Kong, Linghe

A2 - Zhang, Tianwei

A2 - Qiu, Meikang

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 6 August 2022 through 8 August 2022

ER -

Hong J, Tang K, Gao C, Wang S, Guo S, Zhu P. GM-Attack: Improving the Transferability of Adversarial Attacks. In Memmi G, Yang B, Kong L, Zhang T, Qiu M, editors, Knowledge Science, Engineering and Management - 15th International Conference, KSEM 2022, Proceedings. Springer Science and Business Media Deutschland GmbH. 2022. p. 489-500. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-10989-8_39