Meta Gradient Adversarial Attack
Abstract
In recent years, research on adversarial attacks has become a hot spot. Although current literature on the transfer-based adversarial attack has achieved promising results for improving the transferability to unseen black-box models, it still leaves a long way to go. Inspired by the idea of meta-learning, this paper proposes a novel architecture called Meta Gradient Adversarial Attack (MGAA), which is plug-and-play and can be integrated with any existing gradient-based attack method for improving the cross-model transferability. Specifically, we randomly sample multiple models from a model zoo to compose different tasks and iteratively simulate a white-box attack and a black-box attack in each task. By narrowing the gap between the gradient directions in white-box and black-box attacks, the transferability of adversarial examples on the black-box setting can be improved. Extensive experiments on the CIFAR10 and ImageNet datasets show that our architecture outperforms the state-of-the-art methods for both black-box and white-box attack settings.
Cite
Text
Yuan et al. "Meta Gradient Adversarial Attack." International Conference on Computer Vision, 2021. doi:10.1109/ICCV48922.2021.00765Markdown
[Yuan et al. "Meta Gradient Adversarial Attack." International Conference on Computer Vision, 2021.](https://mlanthology.org/iccv/2021/yuan2021iccv-meta/) doi:10.1109/ICCV48922.2021.00765BibTeX
@inproceedings{yuan2021iccv-meta,
title = {{Meta Gradient Adversarial Attack}},
author = {Yuan, Zheng and Zhang, Jie and Jia, Yunpei and Tan, Chuanqi and Xue, Tao and Shan, Shiguang},
booktitle = {International Conference on Computer Vision},
year = {2021},
pages = {7748-7757},
doi = {10.1109/ICCV48922.2021.00765},
url = {https://mlanthology.org/iccv/2021/yuan2021iccv-meta/}
}