Improving the Transferability of Adversarial Examples with New Iteration Framework and Input Dropout
This work addresses the problem of improving adversarial example transferability for security applications, representing an incremental advancement in attack methods.
The paper tackles the vulnerability of deep neural networks to black-box adversarial attacks by proposing a new gradient iteration framework and an input dropout method, achieving an average attack success rate of 96.2% on defense models, which is higher than state-of-the-art gradient-based attacks.
Deep neural networks(DNNs) is vulnerable to be attacked by adversarial examples. Black-box attack is the most threatening attack. At present, black-box attack methods mainly adopt gradient-based iterative attack methods, which usually limit the relationship between the iteration step size, the number of iterations, and the maximum perturbation. In this paper, we propose a new gradient iteration framework, which redefines the relationship between the above three. Under this framework, we easily improve the attack success rate of DI-TI-MIM. In addition, we propose a gradient iterative attack method based on input dropout, which can be well combined with our framework. We further propose a multi dropout rate version of this method. Experimental results show that our best method can achieve attack success rate of 96.2\% for defense model on average, which is higher than the state-of-the-art gradient-based attacks.