Boosting Adversarial Transferability via High-Frequency Augmentation and Hierarchical-Gradient Fusion
This work addresses security vulnerabilities in machine learning models, particularly for adversarial attacks, with incremental improvements in transferability.
The paper tackled the problem of enhancing adversarial transferability in black-box machine learning models by introducing the Frequency-Space Attack (FSA) framework, which achieved an average attack success rate increase of 23.6% compared to a state-of-the-art method on eight black-box defense models.
Adversarial attacks have become a significant challenge in the security of machine learning models, particularly in the context of black-box defense strategies. Existing methods for enhancing adversarial transferability primarily focus on the spatial domain. This paper presents Frequency-Space Attack (FSA), a new adversarial attack framework that effectively integrates frequency-domain and spatial-domain transformations. FSA combines two key techniques: (1) High-Frequency Augmentation, which applies Fourier transform with frequency-selective amplification to diversify inputs and emphasize the critical role of high-frequency components in adversarial attacks, and (2) Hierarchical-Gradient Fusion, which merges multi-scale gradient decomposition and fusion to capture both global structures and fine-grained details, resulting in smoother perturbations. Our experiment demonstrates that FSA consistently outperforms state-of-the-art methods across various black-box models. Notably, our proposed FSA achieves an average attack success rate increase of 23.6% compared with BSR (CVPR 2024) on eight black-box defense models.