Enhancing visual adversarial transferability via affine transformation of intermediate-level perturbations
Authors: Qizhang Li, Yiwen Guo, Wangmeng Zuo
Journal: Pattern Recognition Letters, volume 191, pages 51-57
Publication date: 2025-03-11
Publication type: Journal Article
DOI: 10.1016/j.patrec.2025.03.003
URL: https://www.sciencedirect.com/science/article/pii/S016786552500087X
Journal impact factor: 3.9; JCR: Q2 (Computer Science, Artificial Intelligence)
Citations: 0
Abstract
The transferability of adversarial examples across deep neural networks (DNNs) provides an effective method for black-box attacks and poses a severe threat to the applications of DNNs. Recent studies show that making the intermediate-level perturbation (the difference between the intermediate representations of adversarial examples and their corresponding benign examples) less adversarial, e.g., by reducing its magnitude, will improve the alignment of input gradients across substitute and victim models, thereby enhancing the transferability of adversarial examples. In this paper, we introduce an intermediate-level perturbation degradation framework that applies an affine transformation to the intermediate-level perturbation, enabling various degradation methods and thus improving the input gradient alignment. Experimental results show that our method outperforms existing state-of-the-art methods on CIFAR-10, Food 101, Oxford-IIIT Pet, and ImageNet when attacking various victim models. Moreover, it can be combined with existing methods to achieve further improvements. Our code: https://github.com/qizhangli/ILPD-plus-plus.
About the journal:
Pattern Recognition Letters aims at rapid publication of concise articles of broad interest in pattern recognition.
Subject areas include all the current fields of interest represented by the Technical Committees of the International Association of Pattern Recognition, and other developing themes involving learning and recognition.