Enhancing Adversarial Example Transferability with an Intermediate Level Attack

July 23, 2019 · Entered Twilight · 🏛 IEEE International Conference on Computer Vision

"Last commit was 6.0 years ago (≥5 year threshold)"

Evidence collected by the PWNC Scanner

Repo contents: .gitignore, README.md, all_in_one_cifar10.py, all_in_one_imagenet.py, attacks.py, cifar10_config.py, cifar10models.py, demo.py, imagenet_config.py, imagenet_labels.txt, test_images, visualize.ipynb

Authors Qian Huang, Isay Katsman, Horace He, Zeqi Gu, Serge Belongie, Ser-Nam Lim arXiv ID 1907.10823 Category cs.LG: Machine Learning Cross-listed cs.CR, cs.CV, stat.ML Citations 283 Venue IEEE International Conference on Computer Vision Repository https://github.com/CUVL/Intermediate-Level-Attack ⭐ 80 Last Checked 1 month ago

Abstract

Neural networks are vulnerable to adversarial examples, malicious inputs crafted to fool trained models. Adversarial examples often exhibit black-box transfer, meaning that adversarial examples for one model can fool another model. However, adversarial examples are typically overfit to exploit the particular architecture and feature representation of a source model, resulting in sub-optimal black-box transfer attacks to other target models. We introduce the Intermediate Level Attack (ILA), which attempts to fine-tune an existing adversarial example for greater black-box transferability by increasing its perturbation on a pre-specified layer of the source model, improving upon state-of-the-art methods. We show that we can select a layer of the source model to perturb without any knowledge of the target models while achieving high transferability. Additionally, we provide some explanatory insights regarding our method and the effect of optimizing for adversarial examples using intermediate feature maps. Our code is available at https://github.com/CUVL/Intermediate-Level-Attack.