Abstract
Deep neural networks are susceptible to adversarial examples, which can cause misclassification of the models by adding some imperceptible perturbations to the original input images. Although most existing adversarial attack methods have achieved convincing success rates under white-box settings, they tend to exhibit weak transferability with the challenging black-box settings. Therefore, we propose a method based on input image pre-processing transformation named Shear & Pad Method (SPM) by optimizing the input diversity of the original images to generate adversarial examples. Meanwhile, it can alleviate the overfitting to improve the transferability of the adversarial examples. In addition, this method can be combined with related methods such as the family of fast gradient sign method to build stronger attack methods against the defense trained models. It can also be integrated into other transformation-based methods to generate more adversaries with better black-box transferability. Extensive experiments on the ImageNet dataset show that our proposed method has higher success rates than existing baseline attack methods both on a single model and an ensemble of models. Therefore, we hope that our method can be used as an effective benchmark for evaluating the robustness of deep network models.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
