Rotation Model Enhancement for Adversarial Attack

Abstract

Current white-box attack to deep neural networks have achieved considerable success, but not for black-box attack. The main reason is poor transferability, as the adversarial examples are crafted with single deep neural networks model, and excessively depend on that model. To address that problem, we propose a rotation model enhancement algorithm to craft adversarial examples. We improve rotation method in model enhancement. This algorithm constructs a possibility model to randomly rotate original images, and generates multiple transformed images. Therefore, we craft adversarial examples with single model, and boost attack on multiple models, which demonstrate considerable transferability and success rate for black-box attack. The simulation indicates the algorithm boost black-box attack with a 89.2% success rate.