Improving the Transferability of Adversarial Examples with Diverse Gradients

Yangjie Cao; Haobo Wang; Chenxi Zhu; Yan Zhuang; Jie Li; Xianfu Chen

doi:10.1109/IJCNN54540.2023.10191889

Improving the Transferability of Adversarial Examples with Diverse Gradients

Yangjie Cao, Haobo Wang, Chenxi Zhu, Yan Zhuang^*, Jie Li, Xianfu Chen

^*Corresponding author for this work

BA6401 Connectivity solutions

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

2 Citations (Scopus)

Abstract

Previous works have proven the superior performance of ensemble-based black-box attacks on transferability. However, existing methods require significant difference in architecture among the source models to ensure gradient diversity. In this paper, we propose a Diverse Gradient Method (DGM), verifying that knowledge distillation is able to generate diverse gradients from unchangeable model architecture for boosting transferability. The core idea behind our DGM is to obtain transferable adversarial perturbations by fusing diverse gradients provided by a single source model and its distilled versions through an ensemble strategy. Experimental results show that DGM successfully crafts adversarial examples with higher transferability, only requiring extremely low training cost. Furthermore, our proposed method could be used as a flexible module to improve transferability of most of existing black-box attacks.

Original language	English
Title of host publication	IJCNN 2023 - International Joint Conference on Neural Networks
Subtitle of host publication	Proceedings
Publisher	IEEE Institute of Electrical and Electronic Engineers
Number of pages	9
ISBN (Electronic)	978-1-6654-8867-9
ISBN (Print)	978-1-6654-8868-6
DOIs	https://doi.org/10.1109/IJCNN54540.2023.10191889
Publication status	Published - 2 Aug 2023
MoE publication type	A4 Article in a conference publication
Event	International Joint Conference on Neural Networks, IJCNN 2023 - Gold Coast, Australia Duration: 18 Jun 2023 → 23 Jun 2023

Publication series

Series	Proceedings of the International Joint Conference on Neural Networks
Volume	2023-June

Conference

Conference	International Joint Conference on Neural Networks, IJCNN 2023
Country/Territory	Australia
City	Gold Coast
Period	18/06/23 → 23/06/23

Funding

VI. ACKNOWLEDGEMENT This research was funded by the National Natural Science Foundation of China under Grant 61972092, the Collaborative Innovation Major Project of Zhengzhou (20XTZX06013) and the Strategic Research and Consulting Project of Chinese Academy of Engineering (No. 2022HENYB03).

Keywords

Adversarial examples
Black-box attack
Gradient diversity
Transferability

Access to Document

10.1109/IJCNN54540.2023.10191889

Cite this

@inproceedings{4422d9aebb9342519fdda83aa05bd1d5,

title = "Improving the Transferability of Adversarial Examples with Diverse Gradients",

abstract = "Previous works have proven the superior performance of ensemble-based black-box attacks on transferability. However, existing methods require significant difference in architecture among the source models to ensure gradient diversity. In this paper, we propose a Diverse Gradient Method (DGM), verifying that knowledge distillation is able to generate diverse gradients from unchangeable model architecture for boosting transferability. The core idea behind our DGM is to obtain transferable adversarial perturbations by fusing diverse gradients provided by a single source model and its distilled versions through an ensemble strategy. Experimental results show that DGM successfully crafts adversarial examples with higher transferability, only requiring extremely low training cost. Furthermore, our proposed method could be used as a flexible module to improve transferability of most of existing black-box attacks.",

keywords = "Adversarial examples, Black-box attack, Gradient diversity, Transferability",

author = "Yangjie Cao and Haobo Wang and Chenxi Zhu and Yan Zhuang and Jie Li and Xianfu Chen",

note = "Funding Information: VI. ACKNOWLEDGEMENT This research was funded by the National Natural Science Foundation of China under Grant 61972092, the Collaborative Innovation Major Project of Zhengzhou (20XTZX06013) and the Strategic Research and Consulting Project of Chinese Academy of Engineering (No. 2022HENYB03). Publisher Copyright: {\textcopyright} 2023 IEEE.; International Joint Conference on Neural Networks, IJCNN 2023 ; Conference date: 18-06-2023 Through 23-06-2023",

year = "2023",

month = aug,

day = "2",

doi = "10.1109/IJCNN54540.2023.10191889",

language = "English",

isbn = "978-1-6654-8868-6",

series = "Proceedings of the International Joint Conference on Neural Networks",

publisher = "IEEE Institute of Electrical and Electronic Engineers",

booktitle = "IJCNN 2023 - International Joint Conference on Neural Networks",

address = "United States",

}

Cao, Y, Wang, H, Zhu, C, Zhuang, Y, Li, J & Chen, X 2023, Improving the Transferability of Adversarial Examples with Diverse Gradients. in IJCNN 2023 - International Joint Conference on Neural Networks: Proceedings. IEEE Institute of Electrical and Electronic Engineers, Proceedings of the International Joint Conference on Neural Networks, vol. 2023-June, International Joint Conference on Neural Networks, IJCNN 2023, Gold Coast, Queensland, Australia, 18/06/23. https://doi.org/10.1109/IJCNN54540.2023.10191889

Improving the Transferability of Adversarial Examples with Diverse Gradients. / Cao, Yangjie; Wang, Haobo; Zhu, Chenxi et al.
IJCNN 2023 - International Joint Conference on Neural Networks: Proceedings. IEEE Institute of Electrical and Electronic Engineers, 2023. (Proceedings of the International Joint Conference on Neural Networks, Vol. 2023-June).

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

TY - GEN

T1 - Improving the Transferability of Adversarial Examples with Diverse Gradients

AU - Cao, Yangjie

AU - Wang, Haobo

AU - Zhu, Chenxi

AU - Zhuang, Yan

AU - Li, Jie

AU - Chen, Xianfu

N1 - Funding Information: VI. ACKNOWLEDGEMENT This research was funded by the National Natural Science Foundation of China under Grant 61972092, the Collaborative Innovation Major Project of Zhengzhou (20XTZX06013) and the Strategic Research and Consulting Project of Chinese Academy of Engineering (No. 2022HENYB03). Publisher Copyright: © 2023 IEEE.

PY - 2023/8/2

Y1 - 2023/8/2

N2 - Previous works have proven the superior performance of ensemble-based black-box attacks on transferability. However, existing methods require significant difference in architecture among the source models to ensure gradient diversity. In this paper, we propose a Diverse Gradient Method (DGM), verifying that knowledge distillation is able to generate diverse gradients from unchangeable model architecture for boosting transferability. The core idea behind our DGM is to obtain transferable adversarial perturbations by fusing diverse gradients provided by a single source model and its distilled versions through an ensemble strategy. Experimental results show that DGM successfully crafts adversarial examples with higher transferability, only requiring extremely low training cost. Furthermore, our proposed method could be used as a flexible module to improve transferability of most of existing black-box attacks.

AB - Previous works have proven the superior performance of ensemble-based black-box attacks on transferability. However, existing methods require significant difference in architecture among the source models to ensure gradient diversity. In this paper, we propose a Diverse Gradient Method (DGM), verifying that knowledge distillation is able to generate diverse gradients from unchangeable model architecture for boosting transferability. The core idea behind our DGM is to obtain transferable adversarial perturbations by fusing diverse gradients provided by a single source model and its distilled versions through an ensemble strategy. Experimental results show that DGM successfully crafts adversarial examples with higher transferability, only requiring extremely low training cost. Furthermore, our proposed method could be used as a flexible module to improve transferability of most of existing black-box attacks.

KW - Adversarial examples

KW - Black-box attack

KW - Gradient diversity

KW - Transferability

UR - http://www.scopus.com/inward/record.url?scp=85169558849&partnerID=8YFLogxK

U2 - 10.1109/IJCNN54540.2023.10191889

DO - 10.1109/IJCNN54540.2023.10191889

M3 - Conference article in proceedings

AN - SCOPUS:85169558849

SN - 978-1-6654-8868-6

T3 - Proceedings of the International Joint Conference on Neural Networks

BT - IJCNN 2023 - International Joint Conference on Neural Networks

PB - IEEE Institute of Electrical and Electronic Engineers

T2 - International Joint Conference on Neural Networks, IJCNN 2023

Y2 - 18 June 2023 through 23 June 2023

ER -

Cao Y, Wang H, Zhu C, Zhuang Y, Li J, Chen X. Improving the Transferability of Adversarial Examples with Diverse Gradients. In IJCNN 2023 - International Joint Conference on Neural Networks: Proceedings. IEEE Institute of Electrical and Electronic Engineers. 2023. (Proceedings of the International Joint Conference on Neural Networks, Vol. 2023-June). doi: 10.1109/IJCNN54540.2023.10191889

Improving the Transferability of Adversarial Examples with Diverse Gradients

Abstract

Publication series

Conference

Funding

Keywords

Access to Document

Other files and links

Fingerprint

Cite this