In recent years, research on adversarial attacks has become a hot spot. Although current literature on the transfer-based adversarial attack has achieved promising results for improving the transferability to unseen black-box models, it still leaves a long way to go. Inspired by the idea of meta-learning, this paper proposes a novel architecture called Meta Gradient Adversarial Attack (MGAA), which is plug-and-play and can be integrated with any existing gradient-based attack method for improving the cross-model transferability. Specifically, we randomly sample multiple models from a model zoo to compose different tasks and iteratively simulate a white-box attack and a black-box attack in each task. By narrowing the gap between the gradient directions in white-box and black-box attacks, the transferability of adversarial examples on the black-box setting can be improved. Extensive experiments on the CIFAR10 and ImageNet datasets show that our architecture outperforms the state-of-the-art methods for both black-box and white-box attack settings.
翻译:近些年来,关于对抗性攻击的研究已成为热点。尽管目前关于以转移为基础的对抗性攻击的文献在改进向隐蔽黑盒模式的可转移性方面取得了可喜的成果,但仍任重道远。在元学习理念的启发下,本文提出了名为Meta Gradient Aversarial Attack(MGAAA)的新结构,这是一个插座和游戏,可以与现有的任何基于梯度的攻击方法相结合,以改进跨模范转移性。具体地说,我们随机抽样从一个模型动物园抽取多个模型,以组成不同的任务,并反复模拟白盒攻击和黑盒攻击。通过缩小白盒攻击中的梯度方向和黑盒攻击之间的鸿沟,黑盒设置上的对抗性例子的可转移性可以改进。关于CIFAR10和图像网络数据集的广泛实验显示,我们的架构超越了黑盒和白盒攻击环境的最先进方法。
相关内容
微信扫码咨询专知VIP会员