Wenhui Li , Bo Li , Weizhi Nie , Lanjun Wang , An-An Liu
Information Processing & Management, Volume 62, Issue 5, Article 104214. DOI: 10.1016/j.ipm.2025.104214. Published 2025-05-27.
Diversified perturbation guided by optimal target code for cross-modal adversarial attack
Cross-modal retrieval models are vulnerable to adversarial samples; exploring efficient attack methods therefore helps researchers understand the essence of adversarial attacks, evaluate model robustness, and promote the development of more reliable models. Although existing adversarial attack methods have achieved promising results, how to further improve the transferability of adversarial examples remains an open question. In this paper, we propose a novel transferable targeted attack method. First, we introduce an optimal target code optimization strategy to obtain representative target codes. Then, when generating adversarial examples, we apply a random perturbation strategy that diversifies the potential input patterns of perturbations by introducing randomness, automatically enhancing the generalization of samples and overcoming the limitation of existing methods that depend on specific image augmentation techniques. Experiments show that this framework generates highly transferable adversarial samples: for example, when transferring attacks from VGG-F to ResNet50, the proposed method outperforms the state of the art by 10.41% on the I2T task on the MS-COCO dataset. In addition, samples generated by small models can successfully attack large models, which helps researchers study the existence of adversarial attacks from a new perspective.
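The two ideas in the abstract — selecting a representative target code and randomizing the input pattern at each attack step — can be sketched in a toy NumPy setting. Everything below (the linear "model", the sign-of-mean target-code heuristic, and all step sizes) is an illustrative assumption, not the paper's actual implementation:

```python
import numpy as np

rng = np.random.default_rng(0)

# Toy stand-in for a hashing retrieval model's head: x -> continuous code in (-1, 1).
# In the paper this would be a deep network; here it is a random linear map.
K, D = 16, 64                                  # code length, input dimensionality (assumed)
W = rng.normal(size=(K, D)) / np.sqrt(D)

def code(x):
    return np.tanh(W @ x)

# A simple stand-in for an "optimal target code": the sign of the mean code
# over a few target-class samples (a hypothetical heuristic, not the paper's strategy).
class_x = rng.normal(size=(8, D))              # pretend target-class inputs
t = np.sign(np.tanh(class_x @ W.T).mean(axis=0))

def loss_and_grad(x, target):
    """Negative alignment between code(x) and the target code, and its gradient."""
    c = code(x)
    loss = -float(target @ c)
    grad = -(W.T @ ((1.0 - c**2) * target))    # chain rule through tanh
    return loss, grad

def diversified_attack(x0, target, eps=0.5, alpha=0.05, steps=40, jitter=0.1):
    """FGSM-style targeted attack: each step adds random jitter to the *input
    pattern* before the gradient is taken, a rough analogue of the
    random-perturbation idea described in the abstract."""
    x = x0.copy()
    for _ in range(steps):
        x_div = x + jitter * rng.normal(size=x.shape)   # randomized input pattern
        _, g = loss_and_grad(x_div, target)
        x = x - alpha * np.sign(g)                      # targeted sign step
        x = np.clip(x, x0 - eps, x0 + eps)              # stay inside the L_inf budget
    return x

x0 = rng.normal(size=D)
x_adv = diversified_attack(x0, t)
before = float(t @ code(x0))
after = float(t @ code(x_adv))
# The adversarial sample's code should align with the target code far better
# than the clean sample's code (after > before).
```

Because the gradient is taken at a randomized copy of the input rather than at the input itself, the resulting perturbation is not tuned to one exact input pattern, which is the intuition behind improved transferability to unseen models.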
About the journal:
Information Processing and Management is dedicated to publishing cutting-edge original research at the convergence of computing and information science. Our scope encompasses theory, methods, and applications across various domains, including advertising, business, health, information science, information technology, marketing, and social computing.
We aim to cater to the interests of both primary researchers and practitioners by offering an effective platform for the timely dissemination of advanced and topical issues in this interdisciplinary field. The journal places particular emphasis on original research articles, research survey articles, research method articles, and articles addressing critical applications of research. Join us in advancing knowledge and innovation at the intersection of computing and information science.