GM-Attack: Improving the Transferability of Adversarial Attacks

Jinbang Hong, Keke Tang, Chao Gao, Songxin Wang, Sensen Guo, Peican Zhu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

8 Scopus citations

Abstract

In the real world, black-box attacks seem to be widespread because detailed information about the models to be attacked is lacking. Hence, it is desirable to obtain adversarial examples with high transferability, which will facilitate practical adversarial attacks. Instead of adopting traditional input transformation approaches, we propose a mechanism to derive masked images by removing some regions from the initial input images. In this manuscript, the removed regions are spatially uniformly distributed squares. For comparison, several transferable attack methods are adopted as the baselines. Extensive empirical evaluations are conducted on the standard ImageNet dataset to validate the effectiveness of GM-Attack. As indicated, our GM-Attack can craft more transferable adversarial examples compared with other input transformation methods, and the attack success rate on Inc-v4 has been improved by 6.5% over state-of-the-art methods.

Original language: English
Title of host publication: Knowledge Science, Engineering and Management - 15th International Conference, KSEM 2022, Proceedings
Editors: Gerard Memmi, Baijian Yang, Linghe Kong, Tianwei Zhang, Meikang Qiu
Publisher: Springer Science and Business Media Deutschland GmbH
Pages: 489-500
Number of pages: 12
ISBN (Print): 9783031109881
State: Published - 2022
Event: 15th International Conference on Knowledge Science, Engineering and Management, KSEM 2022 - Singapore, Singapore
Duration: 6 Aug 2022 to 8 Aug 2022

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 13370 LNAI
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 15th International Conference on Knowledge Science, Engineering and Management, KSEM 2022
Country/Territory: Singapore
City: Singapore
Period: 6/08/22 to 8/08/22

Keywords

  • Adversarial attack
  • Adversarial examples
  • Data augmentation
  • Deep neural networks
  • Transferability
  • White-box/black-box attack
