Poster
Generate Universal Adversarial Perturbations for Few-Shot Learning
Yiman Hu · Yixiong Zou · Ruixuan Li · Yuhua Li
East Exhibit Hall A-C #1508
Deep networks are known to be vulnerable to adversarial examples which are deliberately designed to mislead the trained model by introducing imperceptible perturbations to input samples. Classical adversarial perturbations are specifically crafted for each data point independently. In contrast, Universal Adversarial Perturbations (UAPs), which are agnostic to input data, are shown to be more practical in the real world. However, UAPs are typically generated in a close-set scenario that shares the same classification task during the training and testing phases. This paper demonstrates the ineffectiveness of traditional UAPs in open-set scenarios like Few-Shot Learning (FSL). Through analysis, we identify two primary challenges that hinder the attacking process: the task shift and the semantic shift. To enhance the transferability of UAPs in FSL, we propose a unifying attacking framework addressing these two shifts. The task shift is addressed by aligning proxy tasks to the downstream tasks, while the semantic shift is handled by leveraging the generalizability of pre-trained encoders. The proposed framework can effectively generate UAPs across various FSL training paradigms and different downstream tasks. Our approach not only sets a new standard for state-of-the-art works but also significantly enhances attack performance, exceeding the baseline method by over 16%.
Live content is unavailable. Log in and register to view live content