{"title":"从特征统计角度提高黑盒目标可移植性","authors":"Anqi Zhao","doi":"10.1109/ICCECE58074.2023.10135228","DOIUrl":null,"url":null,"abstract":"Adversarial examples are images that can be easily misclassified by deep learning models when small, imperceptible changes are added to them. They pose a security concern for the use of DNNs in practical applications because of their transferability. One mainstream method for black-box targeted attacks is feature space attacks. They mainly focus on iterative attacks and have generally attempted to modify the intermediate feature of source category similar to the feature of target category. In this paper, we explore that certain characteristics of features, such as feature style statistics, might be able to better represent the features themselves, and potentially lead to better transferability compared to simply aligning the source and the target features directly. Based on this, we propose a method which use the relationship between the style statistics of intermediate features and its corresponding category to boost black-box targeted transferability in generative attacks. We demonstrate the effectiveness of this method through experimental results.","PeriodicalId":120030,"journal":{"name":"2023 3rd International Conference on Consumer Electronics and Computer Engineering (ICCECE)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2023-01-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Boosting black-box targeted transferability from feature statistic perspective\",\"authors\":\"Anqi Zhao\",\"doi\":\"10.1109/ICCECE58074.2023.10135228\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Adversarial examples are images that can be easily misclassified by deep learning models when small, imperceptible changes are added to them. They pose a security concern for the use of DNNs in practical applications because of their transferability. One mainstream method for black-box targeted attacks is feature space attacks. They mainly focus on iterative attacks and have generally attempted to modify the intermediate feature of source category similar to the feature of target category. In this paper, we explore that certain characteristics of features, such as feature style statistics, might be able to better represent the features themselves, and potentially lead to better transferability compared to simply aligning the source and the target features directly. Based on this, we propose a method which use the relationship between the style statistics of intermediate features and its corresponding category to boost black-box targeted transferability in generative attacks. We demonstrate the effectiveness of this method through experimental results.\",\"PeriodicalId\":120030,\"journal\":{\"name\":\"2023 3rd International Conference on Consumer Electronics and Computer Engineering (ICCECE)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-01-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2023 3rd International Conference on Consumer Electronics and Computer Engineering (ICCECE)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICCECE58074.2023.10135228\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 3rd International Conference on Consumer Electronics and Computer Engineering (ICCECE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCECE58074.2023.10135228","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Boosting black-box targeted transferability from feature statistic perspective
Adversarial examples are images that can be easily misclassified by deep learning models when small, imperceptible changes are added to them. They pose a security concern for the use of DNNs in practical applications because of their transferability. One mainstream method for black-box targeted attacks is feature space attacks. They mainly focus on iterative attacks and have generally attempted to modify the intermediate feature of source category similar to the feature of target category. In this paper, we explore that certain characteristics of features, such as feature style statistics, might be able to better represent the features themselves, and potentially lead to better transferability compared to simply aligning the source and the target features directly. Based on this, we propose a method which use the relationship between the style statistics of intermediate features and its corresponding category to boost black-box targeted transferability in generative attacks. We demonstrate the effectiveness of this method through experimental results.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
