Adaptive Image Transformations for Transfer-Based Adversarial Attack
Abstract
Adversarial attacks provide a good way to study the robustness of deep learning models. One category of methods in transfer-based black-box attack utilizes several image transformation operations to improve the transferability of adversarial examples, which is effective, but fails to take the specific characteristic of the input image into consideration. In this work, we propose a novel architecture, called Adaptive Image Transformation Learner (AITL), which incorporates different image transformation operations into a unified framework to further improve the transferability of adversarial examples. Unlike the fixed combinational transformations used in existing works, our elaborately designed transformation learner adaptively selects the most effective combination of image transformations specific to the input image. Extensive experiments on ImageNet demonstrate that our method significantly improves the attack success rates on both normally trained models and defense models under various settings.
Cite
Text
Yuan et al. "Adaptive Image Transformations for Transfer-Based Adversarial Attack." Proceedings of the European Conference on Computer Vision (ECCV), 2022. doi:10.1007/978-3-031-20065-6_1Markdown
[Yuan et al. "Adaptive Image Transformations for Transfer-Based Adversarial Attack." Proceedings of the European Conference on Computer Vision (ECCV), 2022.](https://mlanthology.org/eccv/2022/yuan2022eccv-adaptive/) doi:10.1007/978-3-031-20065-6_1BibTeX
@inproceedings{yuan2022eccv-adaptive,
title = {{Adaptive Image Transformations for Transfer-Based Adversarial Attack}},
author = {Yuan, Zheng and Zhang, Jie and Shan, Shiguang},
booktitle = {Proceedings of the European Conference on Computer Vision (ECCV)},
year = {2022},
doi = {10.1007/978-3-031-20065-6_1},
url = {https://mlanthology.org/eccv/2022/yuan2022eccv-adaptive/}
}