Search Results for author:
Found 26 papers, 17 papers with code
Bag of Tricks to Boost Adversarial Transferability
In this work, we find that several tiny changes in the existing adversarial attacks can significantly affect the attack performance, \eg, the number of iterations and step size.
Generating Visually Realistic Adversarial Patch
Moreover, the generated adversarial patches can be disguised as the scrawl or logo in the physical world to fool the deep models without being detected, bringing significant threats to DNNs-enabled applications.
MMA-Diffusion: MultiModal Attack on Diffusion Models
In recent years, Text-to-Image (T2I) models have seen remarkable advancements, gaining widespread adoption.
Rethinking Mixup for Improving the Adversarial Transferability
In this work, we posit that the adversarial examples located at the convergence of decision boundaries across various categories exhibit better transferability and identify that Admix tends to steer the adversarial examples towards such regions.
Structure Invariant Transformation for better Adversarial Transferability
In this work, we find that the existing input transformation based attacks transform the input image globally, resulting in limited diversity of the transformed images.
Improving the Transferability of Adversarial Examples with Arbitrary Style Transfer
Deep neural networks are vulnerable to adversarial examples crafted by applying human-imperceptible perturbations on clean inputs.
Boosting Adversarial Transferability by Block Shuffle and Rotation
In this work, we observe that existing input transformation based attacks, one of the mainstream transfer-based attacks, result in different attention heatmaps on various models, which might limit the transferability.
Rethinking the Backward Propagation for Adversarial Transferability
input image and loss function so as to generate adversarial examples with higher transferability.
Boosting Adversarial Transferability by Achieving Flat Local Maxima
Extensive experimental results on the ImageNet-compatible dataset show that the proposed method can generate adversarial examples at flat local regions, and significantly improve the adversarial transferability on either normally trained models or adversarially trained models than the state-of-the-art attacks.
Diversifying the High-level Features for better Adversarial Transferability
Incorporated into the input transformation-based attacks, DHF generates more transferable adversarial examples and outperforms the baselines with a clear margin when attacking several defense models, showing its generalization to various attacks and high effectiveness for boosting transferability.
Improving the Transferability of Adversarial Samples by Path-Augmented Method
However, such methods selected the image augmentation path heuristically and may augment images that are semantics-inconsistent with the target images, which harms the transferability of the generated adversarial samples.
Improving Adversarial Transferability with Scheduled Step Size and Dual Example
Motivated by this finding, we argue that the information of adversarial perturbations near the benign sample, especially the direction, benefits more on the transferability.
Robust Textual Embedding against Word-level Adversarial Attacks
We attribute the vulnerability of natural language processing models to the fact that similar inputs are converted to dissimilar representations in the embedding space, leading to inconsistent outputs, and we propose a novel robust training method, termed Fast Triplet Metric Learning (FTML).
TextHacker: Learning based Hybrid Local Search Algorithm for Text Hard-label Adversarial Attack
Existing textual adversarial attacks usually utilize the gradient or prediction confidence to generate adversarial examples, making it hard to be deployed in real-world applications.
Triangle Attack: A Query-efficient Decision-based Adversarial Attack
Decision-based attack poses a severe threat to real-world applications since it regards the target model as a black box and only accesses the hard prediction label.
I-PGD-AT: Efficient Adversarial Training via Imitating Iterative PGD Attack
Finally, to demonstrate the generality of I-PGD-AT, we integrate it into PGD adversarial training and show that it can even further improve the robustness.
Detecting Textual Adversarial Examples through Randomized Substitution and Vote
Based on this observation, we propose a novel textual adversarial example detection method, termed Randomized Substitution and Vote (RS&V), which votes the prediction label by accumulating the logits of k samples generated by randomly substituting the words in the input text with synonyms.
Multi-stage Optimization based Adversarial Training
In this work, we aim to avoid the catastrophic overfitting by introducing multi-step adversarial examples during the single-step adversarial training.
Enhancing the Transferability of Adversarial Attacks through Variance Tuning
Incorporating variance tuning with input transformations on iterative gradient-based attacks in the multi-model setting, the integrated method could achieve an average success rate of 90. 1% against nine advanced defense methods, improving the current best attack performance significantly by 85. 1% .
Boosting Adversarial Transferability through Enhanced Momentum
Various momentum iterative gradient-based methods are shown to be effective to improve the adversarial transferability.
Admix: Enhancing the Transferability of Adversarial Attacks
We investigate in this direction and observe that existing transformations are all applied on a single image, which might limit the adversarial transferability.
AT-GAN: An Adversarial Generative Model for Non-constrained Adversarial Examples
A recent work targets unrestricted adversarial example using generative model but their method is based on a search in the neighborhood of input noise, so actually their output is still constrained by input.
Adversarial Training with Fast Gradient Projection Method against Synonym Substitution based Text Attacks
Adversarial training is the most empirically successful approach in improving the robustness of deep neural networks for image classification. For text classification, however, existing synonym substitution based adversarial attacks are effective but not efficient to be incorporated into practical text adversarial training.
Natural Language Adversarial Defense through Synonym Encoding
In the area of natural language processing, deep learning models are recently known to be vulnerable to various types of adversarial perturbations, but relatively few works are done on the defense side.
A New Anchor Word Selection Method for the Separable Topic Discovery
In this work, we propose a new method for the anchor word selection by associating the word co-occurrence probability with the words similarity and assuming that the most different words on semantic are potential candidates for the anchor words.
AT-GAN: An Adversarial Generator Model for Non-constrained Adversarial Examples
In this way, AT-GAN can learn the distribution of adversarial examples that is very close to the distribution of real data.
