Boosting Adversarial Transferability across Model Genus by Deformation-Constrained Warping

Authors

  • Qinliang Lin, Computer Vision Institute, School of Computer Science & Software Engineering, Shenzhen University
  • Cheng Luo, Computer Vision Institute, School of Computer Science & Software Engineering, Shenzhen University
  • Zenghao Niu, Computer Vision Institute, School of Computer Science & Software Engineering, Shenzhen University
  • Xilin He, Computer Vision Institute, School of Computer Science & Software Engineering, Shenzhen University
  • Weicheng Xie, Computer Vision Institute, School of Computer Science & Software Engineering, Shenzhen University; Shenzhen Institute of Artificial Intelligence and Robotics for Society; Guangdong Key Laboratory of Intelligent Information Processing
  • Yuanbo Hou, WAVES Research Group, Ghent University, Belgium
  • Linlin Shen, Computer Vision Institute, School of Computer Science & Software Engineering, Shenzhen University; Shenzhen Institute of Artificial Intelligence and Robotics for Society; Guangdong Key Laboratory of Intelligent Information Processing
  • Siyang Song, University of Leicester, UK

DOI:

https://doi.org/10.1609/aaai.v38i4.28133

Keywords:

CV: Adversarial Attacks & Robustness, CV: Multi-modal Vision

Abstract

Adversarial examples generated by a surrogate model typically exhibit limited transferability to unknown target systems. To address this problem, many transferability enhancement approaches (e.g., input transformation and model augmentation) have been proposed. However, they perform poorly when attacking systems whose model genus differs from that of the surrogate model. In this paper, we propose a novel and generic attacking strategy, called Deformation-Constrained Warping Attack (DeCoWA), that can be effectively applied to cross-model-genus attacks. Specifically, DeCoWA first augments input examples via an elastic deformation, namely Deformation-Constrained Warping (DeCoW), to obtain rich local details of the augmented input. To avoid severe distortion of global semantics caused by random deformation, DeCoW further constrains the strength and direction of the warping transformation by a novel adaptive control strategy. Extensive experiments demonstrate that the transferable examples crafted by our DeCoWA on CNN surrogates can significantly hinder the performance of Transformers (and vice versa) on various tasks, including image classification, video action recognition, and audio recognition. Code is made available at https://github.com/LinQinLiang/DeCoWA.

Published

2024-03-24

How to Cite

Lin, Q., Luo, C., Niu, Z., He, X., Xie, W., Hou, Y., Shen, L., & Song, S. (2024). Boosting Adversarial Transferability across Model Genus by Deformation-Constrained Warping. Proceedings of the AAAI Conference on Artificial Intelligence, 38(4), 3459-3467. https://doi.org/10.1609/aaai.v38i4.28133

Issue

Section

AAAI Technical Track on Computer Vision III