Attention-guided transformation-invariant attack for black-box adversarial examples

doi:10.1002/int.22808

	Attention-guided transformation-invariant attack for black-box adversarial examples
	Zhu, Jiaqi 1; Dai, Feng 2; Yu, Lingyun 1,3; Xie, Hongtao 1; Wang, Lidong 4; Wu, Bo 5; Zhang, Yongdong 1
	2022-01-11
发表期刊	INTERNATIONAL JOURNAL OF INTELLIGENT SYSTEMS
ISSN	0884-8173
页码	24
摘要	With the development of media convergence, information acquisition is no longer limited to traditional media, such as newspapers and televisions, but more from digital media on the Internet, where media contents should be under supervision by platforms. At present, the media content analysis technology of Internet platforms relies on deep neural networks (DNNs). However, DNNs show vulnerability to adversarial examples, which results in security risks. Therefore, it is necessary to adequately study the internal mechanism of adversarial examples to build more effective supervision models. When coming to practical applications, supervision models are mostly faced with black-box attacks, where cross-model transferability of adversarial examples has attracted increasing attention. In this paper, to improve the transferability of adversarial examples, we propose an attention-guided transformation-invariant adversarial attack method, which incorporates an attention mechanism to disrupt the most distinctive features and simultaneously ensures adversarial attack invariance under different transformations. Specifically, we dynamically weight the latent features according to an attention mechanism and disrupt them accordingly. Meanwhile, considering the lack of semantics in low-level features, high-level semantics are introduced as spatial guidance to make low-level feature perturbations concentrate on the most discriminative regions. Moreover, since the attention heatmaps may vary significantly across different models, a transformation-invariant aggregated attack strategy is proposed to alleviate overfitting to the proxy model attention. Comprehensive experimental results show that the proposed method can significantly improve the transferability of adversarial examples.
关键词	adversarial examples attention media convergence security transformation-invariant
DOI	10.1002/int.22808
收录类别	SCI
语种	英语
资助项目	National Key Research and Development Program of China[2018YFB0804203] ; National Natural Science Foundation of China[62121002] ; National Natural Science Foundation of China[U1936210] ; National Natural Science Foundation of China[62072438] ; National Natural Science Foundation of China[U1936110] ; National Natural Science Foundation of China[62102127] ; Hefei Postdoctoral Research Activities Foundation[BSH202101]
WOS研究方向	Computer Science
WOS类目	Computer Science, Artificial Intelligence
WOS记录号	WOS:000741469300001
出版者	WILEY
引用统计	被引频次：3[WOS] [WOS记录] [WOS相关记录]
文献类型	期刊论文
条目标识符	http://119.78.100.204/handle/2XEOYT63/18296
专题	中国科学院计算技术研究所期刊论文_英文
通讯作者	Xie, Hongtao
作者单位	1.Univ Sci & Technol China, Sch Informat Sci & Technol, 443 Huangshan Rd, Hefei 230027, Peoples R China 2.Chinese Acad Sci, Key Lab Intelligent Informat Proc, Beijing, Peoples R China 3.Hefei Comprehens Natl Sci Ctr, Inst Artificial Intelligence, Hefei, Peoples R China 4.Beijing Radio & TV Stn, Beijing, Peoples R China 5.MIT IBM Watson AI Lab, Cambridge, MA USA
推荐引用方式 GB/T 7714	Zhu, Jiaqi,Dai, Feng,Yu, Lingyun,et al. Attention-guided transformation-invariant attack for black-box adversarial examples[J]. INTERNATIONAL JOURNAL OF INTELLIGENT SYSTEMS,2022:24.
APA	Zhu, Jiaqi.,Dai, Feng.,Yu, Lingyun.,Xie, Hongtao.,Wang, Lidong.,...&Zhang, Yongdong.(2022).Attention-guided transformation-invariant attack for black-box adversarial examples.INTERNATIONAL JOURNAL OF INTELLIGENT SYSTEMS,24.
MLA	Zhu, Jiaqi,et al."Attention-guided transformation-invariant attack for black-box adversarial examples".INTERNATIONAL JOURNAL OF INTELLIGENT SYSTEMS (2022):24.