Boosting the Transferability of Adversarial Examples with Translation Transformation

Abstract

Although the adversarial examples have achieved an incredible white-box attack rate, they tend to show poor transferability in black-box attacks. Date augmentation is considered to be an effective means of enhancing the adversarial examples transferability. To this end, based on translation transformation we propose a new method to generate more mobile adversarial examples to attack the advanced defense model. By optimizing the original image, the input diversity is improved and the transferability of the adversarial examples generated by further training is enhanced. This method can also be combined with the attack method based on gradient, and the new method can make the attack success rate higher. Experiments on ImageNet data sets show that the proposed method is superior to gradient based methods such as MI-FGSM in black box attack, while maintaining a high success rate of white box attack. We hope that our proposed method of attack can serve as a benchmark for assessing the robustness of networks to opponents and the effectiveness of the different methods of defence.