Intermediate Level Adversarial Attack for Enhanced Transferability
This addresses a security vulnerability in neural networks for adversarial attack scenarios, but it is incremental as it builds on existing transfer attack methods.
The paper tackles the problem of adversarial examples overfitting to source models, reducing black-box transferability, by introducing the Intermediate Level Attack (ILA) to fine-tune perturbations on specific layers, achieving enhanced transferability without target model knowledge.
Neural networks are vulnerable to adversarial examples, malicious inputs crafted to fool trained models. Adversarial examples often exhibit black-box transfer, meaning that adversarial examples for one model can fool another model. However, adversarial examples may be overfit to exploit the particular architecture and feature representation of a source model, resulting in sub-optimal black-box transfer attacks to other target models. This leads us to introduce the Intermediate Level Attack (ILA), which attempts to fine-tune an existing adversarial example for greater black-box transferability by increasing its perturbation on a pre-specified layer of the source model. We show that our method can effectively achieve this goal and that we can decide a nearly-optimal layer of the source model to perturb without any knowledge of the target models.