Transfer-based adversarial attacks can evaluate model robustness in the black-box setting. Several methods have demonstrated impressive untargeted transferability, however, it is still challenging to efficiently produce targeted transferability. To this end, we develop a simple yet effective framework to craft targeted transfer-based adversarial examples, applying a hierarchical generative network. In particular, we contribute to amortized designs that well adapt to multi-class targeted attacks. Extensive experiments on ImageNet show that our method improves the success rates of targeted black-box attacks by a significant margin over the existing methods -- it reaches an average success rate of 29.1\% against six diverse models based only on one substitute white-box model, which significantly outperforms the state-of-the-art gradient-based attack methods. Moreover, the proposed method is also more efficient beyond an order of magnitude than gradient-based methods.
翻译:以转移为基础的对抗性攻击可以评估黑箱设置中的模型稳健性。一些方法已经显示出令人印象深刻的非目标可转移性,然而,有效产生有针对性的可转移性仍是一项挑战。为此目的,我们制定了一个简单而有效的框架,以设计有针对性的以转移为基础的对抗性例子,采用等级分化网络。特别是,我们帮助对适合多级定点攻击的重新摊还设计,在图象网上进行的广泛实验表明,我们的方法通过比现有方法大得多的幅度,提高了定点黑箱攻击的成功率 -- -- 相对于仅基于一个替代白箱模式的六种不同模式而言,平均成功率达到29.1 ⁇,这六种模式大大优于最先进的梯度基攻击方法。此外,拟议的方法也比基于梯度的方法更有效率,超出了规模的顺序。