Adaptive Image Transformations for Transfer-based Adversarial Attack
This work addresses the need for more effective adversarial attacks to test model robustness, but it is incremental as it builds on existing transformation-based methods.
The paper tackles the problem of improving transferability in black-box adversarial attacks by proposing an adaptive image transformation learner that selects transformations based on input image characteristics, achieving significant improvements in attack success rates on ImageNet models.
Adversarial attacks provide a good way to study the robustness of deep learning models. One category of methods in transfer-based black-box attack utilizes several image transformation operations to improve the transferability of adversarial examples, which is effective, but fails to take the specific characteristic of the input image into consideration. In this work, we propose a novel architecture, called Adaptive Image Transformation Learner (AITL), which incorporates different image transformation operations into a unified framework to further improve the transferability of adversarial examples. Unlike the fixed combinational transformations used in existing works, our elaborately designed transformation learner adaptively selects the most effective combination of image transformations specific to the input image. Extensive experiments on ImageNet demonstrate that our method significantly improves the attack success rates on both normally trained models and defense models under various settings.