GM-Attack: Improving the Transferability of Adversarial Attacks

Jinbang Hong; Keke Tang; Chao Gao; Songxin Wang; Sensen Guo; Peican Zhu

doi:10.1007/978-3-031-10989-8_39

GM-Attack: Improving the Transferability of Adversarial Attacks

Jinbang Hong
, Keke Tang
, Chao Gao
, Songxin Wang
, Sensen Guo
, Peican Zhu

光电与智能研究院

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

10 引用（Scopus）

摘要

In the real world, blackbox attacks seem to be widely existed due to the lack of detailed information of models to be attacked. Hence, it is desirable to obtain adversarial examples with high transferability which will facilitate practical adversarial attacks. Instead of adopting traditional input transformation approaches, we propose a mechanism to derive masked images through removing some regions from the initial input images. In this manuscript, the removed regions are spatially uniformly distributed squares. For comparison, several transferable attack methods are adopted as the baselines. Eventually, extensive empirical evaluations are conducted on the standard ImageNet dataset to validate the effectiveness of GM-Attack. As indicated, our GM-Attack can craft more transferable adversarial examples compared with other input transformation methods and attack success rate on Inc-v4 has been improved by 6.5% over state-of-the-art methods.

源语言	英语
主期刊名	Knowledge Science, Engineering and Management - 15th International Conference, KSEM 2022, Proceedings
编辑	Gerard Memmi, Baijian Yang, Linghe Kong, Tianwei Zhang, Meikang Qiu
出版商	Springer Science and Business Media Deutschland GmbH
页	489-500
页数	12
ISBN（印刷版）	9783031109881
DOI	https://doi.org/10.1007/978-3-031-10989-8_39
出版状态	已出版 - 2022
活动	15th International Conference on Knowledge Science, Engineering and Management, KSEM 2022 - Singapore, 新加坡期限: 6 8月 2022 → 8 8月 2022

出版系列

姓名	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
卷	13370 LNAI
ISSN（印刷版）	0302-9743
ISSN（电子版）	1611-3349

会议

会议	15th International Conference on Knowledge Science, Engineering and Management, KSEM 2022
国家/地区	新加坡
市	Singapore
时期	6/08/22 → 8/08/22

访问文件

10.1007/978-3-031-10989-8_39

其它文件与链接

链接到 Scopus 的出版物

引用此

Hong, J., Tang, K., Gao, C., Wang, S., Guo, S., & Zhu, P. (2022). GM-Attack: Improving the Transferability of Adversarial Attacks. 在 G. Memmi, B. Yang, L. Kong, T. Zhang, & M. Qiu (编辑), Knowledge Science, Engineering and Management - 15th International Conference, KSEM 2022, Proceedings (页码 489-500). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 13370 LNAI). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-10989-8_39

Hong, Jinbang ; Tang, Keke ; Gao, Chao 等. / GM-Attack : Improving the Transferability of Adversarial Attacks. Knowledge Science, Engineering and Management - 15th International Conference, KSEM 2022, Proceedings. 编辑 / Gerard Memmi ; Baijian Yang ; Linghe Kong ; Tianwei Zhang ; Meikang Qiu. Springer Science and Business Media Deutschland GmbH, 2022. 页码 489-500 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{cd2aa95665204bbcb491d8bb2e341fd2,

title = "GM-Attack: Improving the Transferability of Adversarial Attacks",

abstract = "In the real world, blackbox attacks seem to be widely existed due to the lack of detailed information of models to be attacked. Hence, it is desirable to obtain adversarial examples with high transferability which will facilitate practical adversarial attacks. Instead of adopting traditional input transformation approaches, we propose a mechanism to derive masked images through removing some regions from the initial input images. In this manuscript, the removed regions are spatially uniformly distributed squares. For comparison, several transferable attack methods are adopted as the baselines. Eventually, extensive empirical evaluations are conducted on the standard ImageNet dataset to validate the effectiveness of GM-Attack. As indicated, our GM-Attack can craft more transferable adversarial examples compared with other input transformation methods and attack success rate on Inc-v4 has been improved by 6.5\% over state-of-the-art methods.",

keywords = "Adversarial attack, Adversarial examples, Data augmentation, Deep neural networks, Transferability, White-box/black-box attack",

author = "Jinbang Hong and Keke Tang and Chao Gao and Songxin Wang and Sensen Guo and Peican Zhu",

note = "Publisher Copyright: {\textcopyright} 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.; 15th International Conference on Knowledge Science, Engineering and Management, KSEM 2022 ; Conference date: 06-08-2022 Through 08-08-2022",

year = "2022",

doi = "10.1007/978-3-031-10989-8\_39",

language = "英语",

isbn = "9783031109881",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "489--500",

editor = "Gerard Memmi and Baijian Yang and Linghe Kong and Tianwei Zhang and Meikang Qiu",

booktitle = "Knowledge Science, Engineering and Management - 15th International Conference, KSEM 2022, Proceedings",

}

Hong, J, Tang, K, Gao, C, Wang, S, Guo, S & Zhu, P 2022, GM-Attack: Improving the Transferability of Adversarial Attacks. 在 G Memmi, B Yang, L Kong, T Zhang & M Qiu (编辑), Knowledge Science, Engineering and Management - 15th International Conference, KSEM 2022, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 卷 13370 LNAI, Springer Science and Business Media Deutschland GmbH, 页码 489-500, 15th International Conference on Knowledge Science, Engineering and Management, KSEM 2022, Singapore, 新加坡, 6/08/22. https://doi.org/10.1007/978-3-031-10989-8_39

GM-Attack: Improving the Transferability of Adversarial Attacks. / Hong, Jinbang; Tang, Keke; Gao, Chao 等.
Knowledge Science, Engineering and Management - 15th International Conference, KSEM 2022, Proceedings. 编辑 / Gerard Memmi; Baijian Yang; Linghe Kong; Tianwei Zhang; Meikang Qiu. Springer Science and Business Media Deutschland GmbH, 2022. 页码 489-500 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 13370 LNAI).

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

TY - GEN

T1 - GM-Attack

T2 - 15th International Conference on Knowledge Science, Engineering and Management, KSEM 2022

AU - Hong, Jinbang

AU - Tang, Keke

AU - Gao, Chao

AU - Wang, Songxin

AU - Guo, Sensen

AU - Zhu, Peican

PY - 2022

Y1 - 2022

N2 - In the real world, blackbox attacks seem to be widely existed due to the lack of detailed information of models to be attacked. Hence, it is desirable to obtain adversarial examples with high transferability which will facilitate practical adversarial attacks. Instead of adopting traditional input transformation approaches, we propose a mechanism to derive masked images through removing some regions from the initial input images. In this manuscript, the removed regions are spatially uniformly distributed squares. For comparison, several transferable attack methods are adopted as the baselines. Eventually, extensive empirical evaluations are conducted on the standard ImageNet dataset to validate the effectiveness of GM-Attack. As indicated, our GM-Attack can craft more transferable adversarial examples compared with other input transformation methods and attack success rate on Inc-v4 has been improved by 6.5% over state-of-the-art methods.

AB - In the real world, blackbox attacks seem to be widely existed due to the lack of detailed information of models to be attacked. Hence, it is desirable to obtain adversarial examples with high transferability which will facilitate practical adversarial attacks. Instead of adopting traditional input transformation approaches, we propose a mechanism to derive masked images through removing some regions from the initial input images. In this manuscript, the removed regions are spatially uniformly distributed squares. For comparison, several transferable attack methods are adopted as the baselines. Eventually, extensive empirical evaluations are conducted on the standard ImageNet dataset to validate the effectiveness of GM-Attack. As indicated, our GM-Attack can craft more transferable adversarial examples compared with other input transformation methods and attack success rate on Inc-v4 has been improved by 6.5% over state-of-the-art methods.

KW - Adversarial attack

KW - Adversarial examples

KW - Data augmentation

KW - Deep neural networks

KW - Transferability

KW - White-box/black-box attack

UR - https://www.scopus.com/pages/publications/85135042211

U2 - 10.1007/978-3-031-10989-8_39

DO - 10.1007/978-3-031-10989-8_39

M3 - 会议稿件

AN - SCOPUS:85135042211

SN - 9783031109881

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 489

EP - 500

BT - Knowledge Science, Engineering and Management - 15th International Conference, KSEM 2022, Proceedings

A2 - Memmi, Gerard

A2 - Yang, Baijian

A2 - Kong, Linghe

A2 - Zhang, Tianwei

A2 - Qiu, Meikang

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 6 August 2022 through 8 August 2022

ER -

Hong J, Tang K, Gao C, Wang S, Guo S, Zhu P. GM-Attack: Improving the Transferability of Adversarial Attacks. 在 Memmi G, Yang B, Kong L, Zhang T, Qiu M, 编辑, Knowledge Science, Engineering and Management - 15th International Conference, KSEM 2022, Proceedings. Springer Science and Business Media Deutschland GmbH. 2022. 页码 489-500. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-10989-8_39

GM-Attack: Improving the Transferability of Adversarial Attacks

摘要

出版系列

会议

访问文件

其它文件与链接

指纹

引用此