An Optimized Transfer Attack Framework Towards Multi-Modal Machine Learning

Yinjie Zhang, Geyang Xiao, B. Bai, Zhiyu Wang, Caijun Sun, Yonggang Tu
DOI: 10.1109/DOCS55193.2022.9967734
Venue: 2022 4th International Conference on Data-driven Optimization of Complex Systems (DOCS)
Publication date: 2022-10-28
Citations: 0

Abstract

Deep neural networks (DNNs) have excelled at a wide range of tasks, including computer vision (CV), natural language processing (NLP), and speech recognition. However, past research has demonstrated that DNNs are vulnerable to adversarial examples, which are deliberately meant to trick models into making incorrect predictions by adding subtle perturbations to inputs. Adversarial examples create an exponential threat to multi-modal models that can accept a variety of inputs. By attacking substitute models, we provide a transferable attack framework. The suggested framework optimizes the attack process by modifying the prompt templates and simultaneously raising the attack on multiple inputs. Our experiments demonstrate that the proposed attack framework can significantly improve the success rate of transferable attacks, and the adversarial examples are rarely noticed by humans. Meanwhile, experiments show that in transferable attacks, coarse-grained adversarial examples can achieve higher attack success rates than fine-grained ones, and multi-modal models have some robustness against uni-modal attacks.