CDTA: A Cross-Domain Transfer-Based Attack with Contrastive Learning

Authors

  • Zihan Li, Sun Yat-sen University
  • Weibin Wu, Sun Yat-sen University
  • Yuxin Su, Sun Yat-sen University
  • Zibin Zheng, Sun Yat-sen University
  • Michael R. Lyu, The Chinese University of Hong Kong

DOI:

https://doi.org/10.1609/aaai.v37i2.25239

Keywords:

CV: Adversarial Attacks & Robustness, ML: Adversarial Learning & Robustness

Abstract

Despite the excellent performance, deep neural networks (DNNs) have been shown to be vulnerable to adversarial examples. Besides, these examples are often transferable among different models. In other words, the same adversarial example can fool multiple models with different architectures at the same time. Based on this property, many black-box transfer-based attack techniques have been developed. However, current transfer-based attacks generally focus on the cross-architecture setting, where the attacker has access to the training data of the target model, which is not guaranteed in realistic situations. In this paper, we design a Cross-Domain Transfer-Based Attack (CDTA), which works in the cross-domain scenario. In this setting, attackers have no information about the target model, such as its architecture and training data. Specifically, we propose a contrastive spectral training method to train a feature extractor on a source domain (e.g., ImageNet) and use it to craft adversarial examples on target domains (e.g., Oxford 102 Flower). Our method corrupts the semantic information of the benign image by scrambling the outputs of both the intermediate feature layers and the final layer of the feature extractor. We evaluate CDTA with 16 target deep models on four datasets with widely varying styles. The results confirm that, in terms of the attack success rate, our approach can consistently outperform the state-of-the-art baselines by an average of 11.45% across all target models. Our code is available at https://github.com/LiulietLee/CDTA.

Published

2023-06-26

How to Cite

Li, Z., Wu, W., Su, Y., Zheng, Z., & Lyu, M. R. (2023). CDTA: A Cross-Domain Transfer-Based Attack with Contrastive Learning. Proceedings of the AAAI Conference on Artificial Intelligence, 37(2), 1530-1538. https://doi.org/10.1609/aaai.v37i2.25239

Section

AAAI Technical Track on Computer Vision II