AdvSmo: Black-box Adversarial Attack by Smoothing Linear Structure of Texture
This addresses the challenge of creating effective adversarial attacks in black-box settings for machine learning security, representing a strong specific gain rather than a foundational advancement.
The paper tackled the problems of poor transferability and inability to evade adversarial defenses in black-box attacks by proposing AdvSmo, which smooths the linear texture of images to generate adversarial examples, resulting in average attack success rate improvements of 9% on CIFAR-10 and 16% on Tiny-ImageNet compared to existing methods.
Black-box attacks usually face two problems: poor transferability and the inability to evade the adversarial defense. To overcome these shortcomings, we create an original approach to generate adversarial examples by smoothing the linear structure of the texture in the benign image, called AdvSmo. We construct the adversarial examples without relying on any internal information to the target model and design the imperceptible-high attack success rate constraint to guide the Gabor filter to select appropriate angles and scales to smooth the linear texture from the input images to generate adversarial examples. Benefiting from the above design concept, AdvSmo will generate adversarial examples with strong transferability and solid evasiveness. Finally, compared to the four advanced black-box adversarial attack methods, for the eight target models, the results show that AdvSmo improves the average attack success rate by 9% on the CIFAR-10 and 16% on the Tiny-ImageNet dataset compared to the best of these attack methods.