An Intermediate-level Attack Framework on The Basis of Linear Regression
This work addresses the challenge of creating more effective adversarial attacks for machine learning security, representing an incremental advancement over previous methods.
The paper tackles the problem of improving the transferability of adversarial examples by proposing a framework that establishes a linear mapping from intermediate-level feature discrepancies to prediction loss, achieving new state-of-the-art results on transfer-based attacks.
This paper substantially extends our work published at ECCV, in which an intermediate-level attack was proposed to improve the transferability of some baseline adversarial examples. Specifically, we advocate a framework in which a direct linear mapping from the intermediate-level discrepancies (between adversarial features and benign features) to prediction loss of the adversarial example is established. By delving deep into the core components of such a framework, we show that 1) a variety of linear regression models can all be considered in order to establish the mapping, 2) the magnitude of the finally obtained intermediate-level adversarial discrepancy is correlated with the transferability, 3) further boost of the performance can be achieved by performing multiple runs of the baseline attack with random initialization. In addition, by leveraging these findings, we achieve new state-of-the-arts on transfer-based $\ell_\infty$ and $\ell_2$ attacks. Our code is publicly available at https://github.com/qizhangli/ila-plus-plus-lr.