Angular Gradient Sign Method: Uncovering Vulnerabilities in Hyperbolic Networks

Adversarial examples in neural networks have been extensively studied in Euclidean geometry, but recent advances in \textit{hyperbolic networks} call for a reevaluation of attack strategies in non-Euclidean geometries. Existing methods such as FGSM and PGD apply perturbations without regard to the underlying hyperbolic structure, potentially leading to inefficient or geometrically inconsistent attacks. In this work, we propose a novel adversarial attack that explicitly leverages the geometric properties of hyperbolic space. Specifically, we compute the gradient of the loss function in the tangent space of hyperbolic space, decompose it into a radial (depth) component and an angular (semantic) component, and apply perturbation derived solely from the angular direction. Our method generates adversarial examples by focusing perturbations in semantically sensitive directions encoded in angular movement within the hyperbolic geometry. Empirical results on image classification, cross-modal retrieval tasks and network architectures demonstrate that our attack achieves higher fooling rates than conventional adversarial attacks, while producing high-impact perturbations with deeper insights into vulnerabilities of hyperbolic embeddings. This work highlights the importance of geometry-aware adversarial strategies in curved representation spaces and provides a principled framework for attacking hierarchical embeddings.

Key Contributions

Identifies that conventional adversarial attacks (FGSM, PGD) are geometry-agnostic and suboptimal for hyperbolic networks, with radial perturbations having near-zero impact on accuracy while angular perturbations are semantically destructive.
Proposes AGSM (Angular Gradient Sign Method), which decomposes the loss gradient in hyperbolic tangent space into radial and angular components and applies perturbations exclusively along the angular (semantic) direction.
Empirically demonstrates that AGSM achieves higher fooling rates than FGSM and PGD on both hyperbolic image classification (CIFAR-100) and cross-modal retrieval tasks.

🛡️ Threat Analysis

Input Manipulation Attack

AGSM is a gradient-based adversarial example attack at inference time, crafting inputs that cause misclassification in hyperbolic networks by exploiting the angular component of the loss gradient in tangent space — a direct extension of FGSM/PGD adapted for non-Euclidean geometry.

Details

Domains

visionmultimodal

Model Types

cnntransformer

Threat Tags

white_boxinference_timeuntargeteddigital

Datasets

CIFAR-100

Applications

Key Contributions

🛡️ Threat Analysis

Details

Similar Papers

The Power of Decaying Steps: Enhancing Attack Stability and Transferability for Sign-based Optimizers

A Unified Spatial Alignment Framework for Highly Transferable Transformation-Based Attacks on Spatially Structured Tasks

Structured Universal Adversarial Attacks on Object Detection for Video Sequences

Sequential Difference Maximization: Generating Adversarial Examples via Multi-Stage Optimization

DASH: A Meta-Attack Framework for Synthesizing Effective and Stealthy Adversarial Examples

Less Is More: Sparse and Cooperative Perturbation for Point Cloud Attacks

RefSR-Adv: Adversarial Attack on Reference-based Image Super-Resolution Models

Adversarial Attention Perturbations for Large Object Detection Transformers