Defending Against Transfer-Based Adversarial Attacks Using SVD-Driven Feature Evolution

Abstract

Due to their high stealthiness and difficulty in detection, the transfer-based adversarial attacks pose a significant challenge to the security and robustness of computer vision models. In this paper, we propose a plug-and-play SVD-driven feature evolution module (SDFEM) to assist image classification models in defending against transfer-based adversarial attacks. The SDFEM consists of "feature concatenation," "feature reconstruction," and "feature weight optimization." After the adversarial examples are decomposed into singular value features using Singular Value Decomposition (SVD), the above three components sequentially achieve the concatenation of features along the channel dimension, the reconstruction of multi-level feature representations, and the optimization of feature weights based on channel context, thereby suppressing the features that significantly contribute to adversarial attacks. Extensive experiments demonstrate that the SDFEM effectively defends against various types of transfer-based attacks, achieving state-of-the-art black-box robustness.