CV | AI | Jan 24, 2024

Boosting the Transferability of Adversarial Examples via Local Mixup and Adaptive Step Size

arXiv:2401.13205v1 | 10 citations | ICASSP
Originality: Incremental advance
AI Analysis

This work addresses security threats in visual applications by improving adversarial example transferability, though it is incremental as it builds on existing input-diversity methods.

The paper tackles the challenge of generating transferable adversarial examples in black-box settings by proposing a framework that combines local mixup for enhanced input diversity and adaptive step sizes for precise perturbation generation, achieving superior transferability on ImageNet compared to state-of-the-art baselines.

Adversarial examples are one critical security threat to various visual applications, where injected human-imperceptible perturbations can confuse the output. Generating transferable adversarial examples in the black-box setting is crucial but challenging in practice. Existing input-diversity-based methods adopt different image transformations, but may be inefficient due to insufficient input diversity and an identical perturbation step size. Motivated by the fact that different image regions have distinctive weights in classification, this paper proposes a black-box adversarial generative framework by jointly designing enhanced input diversity and adaptive step sizes. We design local mixup to randomly mix a group of transformed adversarial images, strengthening the input diversity. For precise adversarial generation, we project the perturbation into the $\tanh$ space to relax the boundary constraint. Moreover, the step sizes of different regions can be dynamically adjusted by integrating a second-order momentum. Extensive experiments on ImageNet validate that our framework can achieve superior transferability compared to state-of-the-art baselines.
