attack 2025

AIM: Additional Image Guided Generation of Transferable Adversarial Attacks

Teng Li, Xingjun Ma, Yu-Gang Jiang

5 citations · 1 influential · 37 references · AAAI

Published on arXiv: 2501.01106

Input Manipulation Attack

OWASP ML Top 10 — ML01

Key Finding

AIM achieves superior targeted transferable attack success rates compared to state-of-the-art generative methods while maintaining competitive untargeted attack performance.

AIM / Semantic Injection Module (SIM)

Novel technique introduced


Transferable adversarial examples highlight the vulnerability of deep neural networks (DNNs) to imperceptible perturbations across various real-world applications. While there have been notable advancements in untargeted transferable attacks, targeted transferable attacks remain a significant challenge. In this work, we focus on generative approaches for targeted transferable attacks. Current generative attacks focus on reducing overfitting to surrogate models and the source data domain, but they often overlook the importance of enhancing transferability through additional semantics. To address this issue, we introduce a novel plug-and-play module into the general generator architecture to enhance adversarial transferability. Specifically, we propose a Semantic Injection Module (SIM) that utilizes the semantics contained in an additional guiding image to improve transferability. The guiding image provides a simple yet effective method to incorporate target semantics from the target class to create targeted and highly transferable attacks. Additionally, we propose new loss formulations that can integrate the semantic injection module more effectively for both targeted and untargeted attacks. We conduct comprehensive experiments under both targeted and untargeted attack settings to demonstrate the efficacy of our proposed approach.


Key Contributions

  • Proposes the Semantic Injection Module (SIM), a lightweight plug-and-play component that conditions an adversarial generator on a guiding image to inject target-class semantics and improve transferability.
  • Introduces new loss formulations (logit contrastive loss and mid-layer similarity loss) tailored for both targeted and untargeted generative attacks using SIM.
  • Demonstrates superior targeted transferability over prior generative attack methods and competitive untargeted performance via comprehensive experiments.

🛡️ Threat Analysis

Input Manipulation Attack

Proposes a generative attack that crafts imperceptible adversarial perturbations causing misclassification at inference time, with the explicit goal of transferability to unseen black-box target models — core adversarial example / input manipulation attack.


Details

Domains
vision
Model Types
cnn, transformer
Threat Tags
black_box, inference_time, targeted, untargeted, digital
Datasets
ImageNet
Applications
image classification