Harmonizing Intra-coherence and Inter-divergence in Ensemble Attacks for Adversarial Transferability
This work addresses security threats to deep neural networks from adversarial attacks, but it is incremental as it builds on existing ensemble attack methods.
The paper tackled the problem of improving adversarial example transferability in model ensemble attacks by addressing insufficient shared gradient capture and lack of adaptive weight allocation, resulting in HEAT significantly outperforming existing methods across various datasets and settings.
The development of model ensemble attacks has significantly improved the transferability of adversarial examples, but this progress also poses severe threats to the security of deep neural networks. Existing methods, however, face two critical challenges: insufficient capture of shared gradient directions across models and a lack of adaptive weight allocation mechanisms. To address these issues, we propose a novel method Harmonized Ensemble for Adversarial Transferability (HEAT), which introduces domain generalization into adversarial example generation for the first time. HEAT consists of two key modules: Consensus Gradient Direction Synthesizer, which uses Singular Value Decomposition to synthesize shared gradient directions; and Dual-Harmony Weight Orchestrator which dynamically balances intra-domain coherence, stabilizing gradients within individual models, and inter-domain diversity, enhancing transferability across models. Experimental results demonstrate that HEAT significantly outperforms existing methods across various datasets and settings, offering a new perspective and direction for adversarial attack research.