Adversarial system
Transferability
Salience
Computer science
Perturbation
Artificial intelligence
Algorithm
Machine learning
Physics
Reuter
Quantum mechanics
Authors
Shihui Zhang, Dongxu Zuo, Yongliang Yang, Xiaowei Zhang
Identifier
DOI: 10.1109/tmm.2022.3173533
Abstract
Deep neural networks are vulnerable to adversarial examples, which are crafted by adding small perturbations to benign examples. However, most existing attack methods exhibit poor transferability when attacking black-box models, and especially when attacking defended models. In addition, perturbations added to semantically irrelevant regions of benign examples are usually inefficient for attacks. To address these issues, we propose a transferable adversarial belief attack with a salient-region perturbation restriction, which improves the transferability of adversarial examples and significantly decreases the amount of perturbation. Specifically, we first design a salient-region-based perturbation restriction strategy that confines perturbations to a salient region. We then present a transferable belief attack method that generates adversarial examples iteratively. Moreover, our method can be easily integrated with other gradient-based transfer attack methods to further enhance the transferability of adversarial examples. Extensive experiments on the ImageNet dataset show that our method achieves higher transferability with lower perturbations than state-of-the-art attack methods.