Abstract
With the recent recognition of the vulnerability of deep neural networks, adversarial attack methods have become one of the hot spots in the security of artificial intelligence technologies. While previous research can effectively generate adversarial examples in white-box attacks, it remains challenging to transfer these adversarial examples to black-box models, where the attacker has no knowledge of the model structure and parameters. This paper focuses on the transferability of adversarial examples and proposes a novel approach named Model-Agnostic Attack (MAA), in which meta-learning is explored to facilitate the transferability of adversarial examples crafted with vanilla adversarial attacks across diverse black-box models. Specifically, model-agnostic meta-learning, a meta-learning approach that can train a model to generalize well to various unknown tasks, is utilized to alleviate the overfitting of adversarial examples to the specified models, so that the adversarial examples can be easily transferred to black-box models. Besides, we highlight that MAA is a plug-and-play approach and can be effortlessly integrated with any existing technologies to further boost transferability. Extensive experimental results on CIFAR-10 and CIFAR-100 show that MAA achieves higher transferability than state-of-the-art methods on average against black-box models.

Keywords: Adversarial attack; Black-box attack; Black-box scenario; Meta learning; Transferability; Transferable adversarial examples; Model-agnostic meta-learning