Keywords
Adversarial system; Computer science; Transferability; Feature (linguistics); Computer security; Feature extraction; Artificial intelligence; Pattern recognition (psychology); Data mining; Machine learning; Linguistics; Philosophy
Authors
Desheng Zheng, Wuping Ke, Xiaoyu Li, Yaoxin Duan, Guangqiang Yin, Fan Min
Identifier
DOI:10.1109/tifs.2025.3526067
Abstract
Adversarial examples pose a serious threat to deep neural networks because of their transferability. Existing transfer-based attacks improve the transferability of adversarial examples by destroying intrinsic features. However, prior work typically relies on single-dimensional or additive importance estimates, which represent features inaccurately. In this work, we propose the Multi-Feature Attention Attack (MFAA), which fuses feature representations from multiple layers to disrupt category-related features and thus improve the transferability of adversarial examples. First, MFAA introduces a layer-aggregation gradient (LAG) to obtain guidance maps that reflect the importance of features at multiple scales. Second, it generates ensemble attention (EA), preserving object-specific features and offsetting model-specific features based on the guidance maps. Third, EA is iteratively disturbed to achieve high transferability of the adversarial examples. Empirical evaluation on the standard ImageNet dataset shows that adversarial examples crafted by MFAA effectively attack a variety of networks. Compared with state-of-the-art transferable attacks, MFAA improves the average attack success rate against defended black-box models from 88.5% to 94.1% for single-model attacks and from 86.6% to 95.1% for ensemble attacks. Our code is available on GitHub: https://github.com/KWPCCC/MFAA.
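The abstract's three-step pipeline (layer-aggregated gradients → guidance maps → iterative feature disruption) can be illustrated with a minimal single-model PyTorch sketch. Everything below is an assumption for illustration: the function name `feature_guided_attack`, the layer choices, the inner-product feature loss, and the hyper-parameters are hypothetical stand-ins for the general feature-disruption idea, not the authors' released MFAA implementation (see the linked repository for that).

```python
import torch
import torchvision.models as models

def feature_guided_attack(model, layers, x, y, eps=16 / 255, alpha=2 / 255, steps=10):
    """Hypothetical feature-disruption attack: suppress intermediate features
    that gradient-based guidance maps mark as class-relevant."""
    feats = {}
    hooks = [l.register_forward_hook(
        lambda m, i, o, k=id(l): feats.__setitem__(k, o)) for l in layers]

    # Step 1 (stand-in for LAG): guidance maps from gradients of the
    # true-class logit with respect to several intermediate feature maps.
    x0 = x.clone().detach().requires_grad_(True)
    logit = model(x0).gather(1, y.view(-1, 1)).sum()
    keys = list(feats.keys())
    guidance = {k: g.detach() for k, g in
                zip(keys, torch.autograd.grad(logit, [feats[k] for k in keys]))}

    # Steps 2-3 (stand-in for EA + iterative disturbance): repeatedly push the
    # input so that features positively correlated with the guidance are erased.
    x_adv = x.clone().detach()
    for _ in range(steps):
        x_adv.requires_grad_(True)
        model(x_adv)                                   # hooks refresh `feats`
        loss = sum((guidance[k] * feats[k]).sum() for k in keys)
        grad = torch.autograd.grad(loss, x_adv)[0]
        with torch.no_grad():
            x_adv = x_adv - alpha * grad.sign()        # descend: erase class evidence
            x_adv = x + (x_adv - x).clamp(-eps, eps)   # L-infinity projection
            x_adv = x_adv.clamp(0, 1)

    for h in hooks:
        h.remove()
    return x_adv

# Illustrative usage with a surrogate model and arbitrarily chosen mid-level layers.
model = models.resnet50(weights=models.ResNet50_Weights.DEFAULT).eval()
layers = [model.layer2, model.layer3]
x = torch.rand(1, 3, 224, 224)   # placeholder image in [0, 1]
y = torch.tensor([0])            # placeholder label
x_adv = feature_guided_attack(model, layers, x, y)
```

The sign-descent update mirrors standard iterative FGSM-style attacks; a faithful reproduction of MFAA, including the multi-layer aggregation weights and ensemble attention across models, is in the authors' repository linked above.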