OMG-ATTACK: Self-Supervised On-Manifold Generation of Transferable Evasion Attacks
This addresses the problem of robust adversarial testing for machine learning practitioners, offering an incremental improvement in transferability for black-box settings.
The paper tackles the challenge of generating transferable evasion attacks for unseen black-box models by introducing a self-supervised, computationally economical method that creates on-manifold adversarial examples resembling the data distribution, resulting in attacks that are significantly more effective against unseen models compared to state-of-the-art methods.
Evasion Attacks (EA) are used to test the robustness of trained neural networks by distorting input data to misguide the model into incorrect classifications. Creating these attacks is a challenging task, especially with the ever-increasing complexity of models and datasets. In this work, we introduce a self-supervised, computationally economical method for generating adversarial examples, designed for the unseen black-box setting. Adapting techniques from representation learning, our method generates on-manifold EAs that are encouraged to resemble the data distribution. These attacks are comparable in effectiveness compared to the state-of-the-art when attacking the model trained on, but are significantly more effective when attacking unseen models, as the attacks are more related to the data rather than the model itself. Our experiments consistently demonstrate the method is effective across various models, unseen data categories, and even defended models, suggesting a significant role for on-manifold EAs when targeting unseen models.