Deep neural networks (DNNs) have been shown to be vulnerable to adversarial examples, which produce erroneous predictions by injecting imperceptible perturbations. In this work, we study the transferability of adversarial examples, which matters because it threatens real-world applications where the target model's architecture and parameters are usually unknown. Many existing works reveal that adversarial examples tend to overfit the surrogate model they are generated from, limiting their transfer attack performance against different target models. To mitigate this overfitting of the surrogate model, we propose a novel attack method, dubbed reverse adversarial perturbation (RAP). Specifically, instead of minimizing the loss of a single adversarial point, we advocate seeking adversarial examples located in a region of uniformly low loss, by injecting the worst-case perturbation (the reverse adversarial perturbation) at each step of the optimization procedure. The adversarial attack with RAP is formulated as a min-max bi-level optimization problem. By integrating RAP into the iterative attack process, our method finds more stable adversarial examples that are less sensitive to changes of the decision boundary, mitigating the overfitting of the surrogate model. Comprehensive experimental comparisons demonstrate that RAP significantly boosts adversarial transferability. Furthermore, RAP can be naturally combined with many existing black-box attack techniques to further boost transferability. When attacking a real-world image recognition system, Google Cloud Vision API, we obtain a 22% improvement in targeted attack performance over the compared method. Our code is available at https://github.com/SCLBD/TransferattackRAP.
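The min-max bi-level formulation described above, written out as an added worked example; this is not the paper's released code (see the GitHub link) and its concrete choices are assumptions: a toy two-layer tanh classifier as the surrogate, a second independently initialised network standing in for the unknown target, PGD-style sign-gradient steps for both the inner ascent (the reverse adversarial perturbation n, maximising the attack loss within an ℓ∞ ball of radius eps_n around the current iterate) and the outer descent (the adversarial example, constrained to an ℓ∞ ball of radius eps around the clean input), and returning the iterate with the lowest worst-case loss. The input is a constructed real-valued feature vector, so no pixel-range clipping is applied.

```python
import numpy as np


def init_mlp(rng, d_in, d_hidden, n_classes):
    """Random 2-layer tanh classifier; a constructed stand-in, not one of the paper's models."""
    return {"W1": rng.normal(size=(d_hidden, d_in)), "b1": 0.1 * rng.normal(size=d_hidden),
            "W2": rng.normal(size=(n_classes, d_hidden)), "b2": 0.1 * rng.normal(size=n_classes)}


def predict(m, x):
    return int(np.argmax(m["W2"] @ np.tanh(m["W1"] @ x + m["b1"]) + m["b2"]))


def attack_loss_and_grad(m, x, y, targeted):
    """Attack objective L(x) that the attacker minimises, plus dL/dx by manual backprop.
    targeted=True:  L = CE(f(x), y)   (pull x towards class y)
    targeted=False: L = -CE(f(x), y)  (push x away from its true class y)"""
    h = np.tanh(m["W1"] @ x + m["b1"])
    z = m["W2"] @ h + m["b2"]
    p = np.exp(z - z.max())
    p /= p.sum()
    ce = -np.log(p[y])
    dz = p.copy()
    dz[y] -= 1.0                                          # dCE/dlogits
    dx = m["W1"].T @ ((m["W2"].T @ dz) * (1.0 - h ** 2))  # chain rule through tanh and W1
    sign = 1.0 if targeted else -1.0
    return sign * ce, sign * dx


def reverse_adversarial_perturbation(m, x_adv, y, targeted, eps_n, alpha_n, steps_n):
    """Inner maximisation: n* ~ argmax_{||n||_inf <= eps_n} L(x_adv + n) by sign-gradient ascent.
    n = 0 is evaluated first and kept unless an ascent step beats it, so the returned
    worst-case value never underestimates L(x_adv) itself."""
    n = np.zeros_like(x_adv)
    best_n, best_val = n.copy(), -np.inf
    for _ in range(steps_n + 1):
        val, g = attack_loss_and_grad(m, x_adv + n, y, targeted)
        if val > best_val:
            best_n, best_val = n.copy(), val
        n = np.clip(n + alpha_n * np.sign(g), -eps_n, eps_n)
    return best_n, best_val


def rap_attack(m, x, y, targeted, eps, alpha, steps, eps_n, alpha_n, steps_n):
    """Outer minimisation of max_n L(x_adv + n) over ||x_adv - x||_inf <= eps with PGD sign steps.
    Each outer step takes its gradient at the worst-case point x_adv + n_rap, not at x_adv.
    Returns the iterate with the lowest worst-case loss (this example's choice, not prescribed
    by the abstract). With eps_n = 0 the inner problem is trivial and this is plain iterative FGSM."""
    x_adv = x.copy()
    best_x, best_val = x.copy(), np.inf
    for _ in range(steps + 1):
        n_rap, val = reverse_adversarial_perturbation(m, x_adv, y, targeted, eps_n, alpha_n, steps_n)
        if val < best_val:
            best_x, best_val = x_adv.copy(), val
        _, g = attack_loss_and_grad(m, x_adv + n_rap, y, targeted)
        x_adv = x + np.clip(x_adv - alpha * np.sign(g) - x, -eps, eps)
    return best_x, best_val


def demo(seed=0):
    """Untargeted attack on a toy surrogate; a second, independently initialised model plays the
    unknown target. Returns the quantities a practitioner would check; no transfer rate is claimed."""
    rng = np.random.default_rng(seed)
    surrogate, target = init_mlp(rng, 8, 16, 3), init_mlp(rng, 8, 16, 3)
    x = rng.normal(size=8)                 # constructed input (real-valued features, no pixel clipping)
    y = predict(surrogate, x)              # the surrogate's own label is the class to escape
    eps, alpha, steps = 0.3, 0.05, 20
    eps_n, alpha_n, steps_n = 0.1, 0.025, 5
    x_ifgsm, v_ifgsm = rap_attack(surrogate, x, y, False, eps, alpha, steps, 0.0, 0.0, 0)
    x_rap, v_rap = rap_attack(surrogate, x, y, False, eps, alpha, steps, eps_n, alpha_n, steps_n)
    return {
        "eps": eps,
        "linf_ifgsm": float(np.abs(x_ifgsm - x).max()),
        "linf_rap": float(np.abs(x_rap - x).max()),
        "clean_loss": float(attack_loss_and_grad(surrogate, x, y, False)[0]),
        "clean_worst_case": float(reverse_adversarial_perturbation(
            surrogate, x, y, False, eps_n, alpha_n, steps_n)[1]),
        "ifgsm_val": float(v_ifgsm),
        "ifgsm_loss": float(attack_loss_and_grad(surrogate, x_ifgsm, y, False)[0]),
        "rap_val": float(v_rap),
        "rap_loss": float(attack_loss_and_grad(surrogate, x_rap, y, False)[0]),
        "surrogate_fooled": (predict(surrogate, x_ifgsm) != y, predict(surrogate, x_rap) != y),
        "target_fooled": (predict(target, x_ifgsm) != predict(target, x),
                          predict(target, x_rap) != predict(target, x)),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The practical cost of RAP is visible in the loop structure: every outer step pays steps_n + 1 extra forward/backward passes on the surrogate, and eps_n sets how wide a neighbourhood is being flattened. Setting eps_n = 0 recovers the plain iterative attack, which is the natural baseline to compare against; the two `target_fooled` flags for a single toy input say nothing about transfer rates, which the paper measures at scale.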
Author Information
Zeyu Qin (The Hong Kong University of Science and Technology)
Ph.D. student at CSE of HKUST
Yanbo Fan (NLPR, CASIA)
Yi Liu (The Chinese University of Hong Kong, Shenzhen)
Li Shen (Tencent AI Lab)
Yong Zhang (CASIA)
Jue Wang (Tencent AI Lab)
Baoyuan Wu (The Chinese University of Hong Kong, Shenzhen)
More from the Same Authors
- 2022 Poster: Make Sharpness-Aware Minimization Stronger: A Sparsified Perturbation Approach
  Peng Mi · Li Shen · Tianhe Ren · Yiyi Zhou · Xiaoshuai Sun · Rongrong Ji · Dacheng Tao
- 2022 Poster: Effective Backdoor Defense by Exploiting Sensitivity of Poisoned Samples
  Weixin Chen · Baoyuan Wu · Haoqian Wang
- 2022 Poster: BackdoorBench: A Comprehensive Benchmark of Backdoor Learning
  Baoyuan Wu · Hongrui Chen · Mingda Zhang · Zihao Zhu · Shaokui Wei · Danni Yuan · Chao Shen
- 2023 Poster: Shared Adversarial Unlearning: Backdoor Mitigation by Unlearning Shared Adversarial Examples
  Shaokui Wei · Mingda Zhang · Hongyuan Zha · Baoyuan Wu
- 2023 Poster: Understanding How Consistency Works in Federated Learning via Stage-wise Relaxed Initialization
  Yan Sun · Li Shen · Dacheng Tao
- 2023 Poster: Act As You Wish: Fine-grained Control of Motion Diffusion Model with Hierarchical Semantic Graphs
  Peng Jin · Yang Wu · Yanbo Fan · Zhongqian Sun · Wei Yang · Li Yuan
- 2023 Poster: Imitation Learning from Imperfection: Theoretical Justifications and Algorithms
  Ziniu Li · Tian Xu · Zeyu Qin · Yang Yu · Zhi-Quan Luo
- 2023 Poster: Stability and Generalization of the Decentralized Stochastic Gradient Descent Ascent Algorithm
  Miaoxi Zhu · Li Shen · Bo Du · Dacheng Tao
- 2023 Poster: FlatMatch: Bridging Labeled Data and Unlabeled Data with Cross-Sharpness for Semi-Supervised Learning
  Zhuo Huang · Li Shen · Jun Yu · Bo Han · Tongliang Liu
- 2023 Poster: Learning Better with Less: Effective Augmentation for Sample-Efficient Visual Reinforcement Learning
  Guozheng Ma · Linrui Zhang · Haoyu Wang · Lu Li · Zilin Wang · Zhen Wang · Li Shen · Xueqian Wang · Dacheng Tao
- 2023 Poster: Neural Polarizer: A Lightweight and Effective Backdoor Defense via Purifying Poisoned Features
  Mingli Zhu · Shaokui Wei · Baoyuan Wu · Hongyuan Zha
- 2023 Poster: Inserting Anybody in Diffusion Models via Celeb Basis
  Xiaodong Cun · Yong Zhang · Maomao Li · Chenyang Qi · Xintao Wang · Ying Shan · Huicheng Zheng
- 2023 Poster: An Efficient Dataset Condensation Plugin and Its Application to Continual Learning
  Enneng Yang · Li Shen · Zhenyi Wang · Tongliang Liu · Guibing Guo
- 2023 Poster: Dynamic Sparsity Is Channel-Level Sparsity Learner
  Lu Yin · Gen Li · Meng Fang · Li Shen · Tianjin Huang · Zhangyang Wang · Vlado Menkovski · Xiaolong Ma · Mykola Pechenizkiy · Shiwei Liu
- 2023 Poster: Stable Backdoor Purification with Feature Shift Tuning
  Rui Min · Zeyu Qin · Li Shen · Minhao Cheng
- 2023 Poster: Federated Learning with Manifold Regularization and Normalized Update Reaggregation
  Xuming An · Li Shen · Han Hu · Yong Luo
- 2023 Poster: Defending against Data-Free Model Extraction by Distributionally Robust Defensive Training
  Zhenyi Wang · Li Shen · Tongliang Liu · Tiehang Duan · Yanjun Zhu · Donglin Zhan · David Doermann · Mingchen Gao
- 2023 Poster: DeepfakeBench: A Comprehensive Benchmark of Deepfake Detection
  Zhiyuan Yan · Yong Zhang · Xinhang Yuan · Siwei Lyu · Baoyuan Wu
- 2022 Spotlight: One Model to Edit Them All: Free-Form Text-Driven Image Manipulation with Semantic Modulations
  Yiming Zhu · Hongyu Liu · Yibing Song · Ziyang Yuan · Xintong Han · Chun Yuan · Qifeng Chen · Jue Wang
- 2022 Spotlight: Stability Analysis and Generalization Bounds of Adversarial Training
  Jiancong Xiao · Yanbo Fan · Ruoyu Sun · Jue Wang · Zhi-Quan Luo
- 2022 Spotlight: BackdoorBench: A Comprehensive Benchmark of Backdoor Learning
  Baoyuan Wu · Hongrui Chen · Mingda Zhang · Zihao Zhu · Shaokui Wei · Danni Yuan · Chao Shen
- 2022 Spotlight: Lightning Talks 6B-1
  Yushun Zhang · Duc Nguyen · Jiancong Xiao · Wei Jiang · Yaohua Wang · Yilun Xu · Zhen LI · Anderson Ye Zhang · Ziming Liu · Fangyi Zhang · Gilles Stoltz · Congliang Chen · Gang Li · Yanbo Fan · Ruoyu Sun · Naichen Shi · Yibo Wang · Ming Lin · Max Tegmark · Lijun Zhang · Jue Wang · Tommi Jaakkola · Senzhang Wang · Zhi-Quan Luo · Xiuyu Sun · Tianbao Yang · Rong Jin
- 2022 Spotlight: Lightning Talks 5B-4
  Yuezhi Yang · Zeyu Yang · Yong Lin · Yishi Xu · Linan Yue · Tao Yang · Weixin Chen · Qi Liu · Jiaqi Chen · Dongsheng Wang · Baoyuan Wu · Yuwang Wang · Hao Pan · Shengyu Zhu · Zhenwei Miao · Yan Lu · Lu Tan · Bo Chen · Yichao Du · Haoqian Wang · Wei Li · Yanqing An · Ruiying Lu · Peng Cui · Nanning Zheng · Li Wang · Zhibin Duan · Xiatian Zhu · Mingyuan Zhou · Enhong Chen · Li Zhang
- 2022 Spotlight: VideoMAE: Masked Autoencoders are Data-Efficient Learners for Self-Supervised Video Pre-Training
  Zhan Tong · Yibing Song · Jue Wang · Limin Wang
- 2022 Spotlight: Effective Backdoor Defense by Exploiting Sensitivity of Poisoned Samples
  Weixin Chen · Baoyuan Wu · Haoqian Wang
- 2022 Spotlight: Lightning Talks 5B-1
  Devansh Arpit · Xiaojun Xu · Zifan Shi · Ivan Skorokhodov · Shayan Shekarforoush · Zhan Tong · Yiqun Wang · Shichong Peng · Linyi Li · Huan Wang · Yibing Song · David Lindell · Yinghao Xu · Seyed Alireza Moazenipourasil · Sergey Tulyakov · Peter Wonka · Ke Li · David Fleet · Yujun Shen · Yingbo Zhou · Bo Li · Jue Wang · Marcus Brubaker · Caiming Xiong · Limin Wang · Deli Zhao · Qifeng Chen · Dit-Yan Yeung
- 2022 Poster: One Model to Edit Them All: Free-Form Text-Driven Image Manipulation with Semantic Modulations
  Yiming Zhu · Hongyu Liu · Yibing Song · Ziyang Yuan · Xintong Han · Chun Yuan · Qifeng Chen · Jue Wang
- 2022 Poster: MissDAG: Causal Discovery in the Presence of Missing Data with Continuous Additive Noise Models
  Erdun Gao · Ignavier Ng · Mingming Gong · Li Shen · Wei Huang · Tongliang Liu · Kun Zhang · Howard Bondell
- 2022 Poster: OST: Improving Generalization of DeepFake Detection via One-Shot Test-Time Training
  Liang Chen · Yong Zhang · Yibing Song · Jue Wang · Lingqiao Liu
- 2022 Poster: Stability Analysis and Generalization Bounds of Adversarial Training
  Jiancong Xiao · Yanbo Fan · Ruoyu Sun · Jue Wang · Zhi-Quan Luo
- 2022 Poster: AdaptFormer: Adapting Vision Transformers for Scalable Visual Recognition
  Shoufa Chen · Chongjian GE · Zhan Tong · Jiangliu Wang · Yibing Song · Jue Wang · Ping Luo
- 2022 Poster: VideoMAE: Masked Autoencoders are Data-Efficient Learners for Self-Supervised Video Pre-Training
  Zhan Tong · Yibing Song · Jue Wang · Limin Wang
- 2021 Poster: Sparse Training via Boosting Pruning Plasticity with Neuroregeneration
  Shiwei Liu · Tianlong Chen · Xiaohan Chen · Zahra Atashgahi · Lu Yin · Huanyu Kou · Li Shen · Mykola Pechenizkiy · Zhangyang Wang · Decebal Constantin Mocanu
- 2021 Poster: Revitalizing CNN Attention via Transformers in Self-Supervised Visual Representation Learning
  Chongjian GE · Youwei Liang · Yibing Song · Jianbo Jiao · Jue Wang · Ping Luo
- 2021 Poster: Random Noise Defense Against Query-Based Black-Box Attacks
  Zeyu Qin · Yanbo Fan · Hongyuan Zha · Baoyuan Wu
- 2017 Poster: Learning with Average Top-k Loss
  Yanbo Fan · Siwei Lyu · Yiming Ying · Baogang Hu