Stochastic Universal Adversarial Perturbations with Fixed Optimization Constraint and Ensured High-probability Transferability

Authors

  • Yulin Jin Department of Electrical and Electronic Engineering, The Hong Kong Polytechnic University. The State Key Laboratory of Blockchain and Data Security, Zhejiang University.
  • Xiaoyu Zhang State Key Laboratory of ISN, Xidian University, Xi’an, Shaanxi, China. Key Laboratory of Data and Intelligent System Security Ministry of Education, China.
  • Haoyu Tong Department of Electrical and Electronic Engineering, The Hong Kong Polytechnic University.
  • Jian Lou State Key Laboratory of ISN, Xidian University, Xi’an, Shaanxi, China.
  • Kai Wu State Key Laboratory of ISN, Xidian University, Xi’an, Shaanxi, China.
  • Haibo Hu Department of Electrical and Electronic Engineering, The Hong Kong Polytechnic University. Research Centre for Privacy and Security Technologies in Future Smart Systems, The Hong Kong Polytechnic University.
  • Xiaofeng Chen State Key Laboratory of ISN, Xidian University, Xi’an, Shaanxi, China.

DOI:

https://doi.org/10.1609/aaai.v40i1.37015

Abstract

Adversarial perturbations (APs) have become a great concern in image classification tasks. The most challenging branch, universal adversarial perturbations (UAPs), are exploited to fool most of the unseen samples. Such one-to-all perturbations have the merit of transferability, which has strong practical significance. In this paper, we firstly define the transferability gap and the algorithm stability of the UAP algorithm, and prove the relationship between them. In analyzing the UAP algorithm stability, we prove that the convergence domain of existing UAP algorithms with dynamic constraints is excessively small, which degrades the capacity of UAPs. Thus, we further propose a new expected constraint and prove that UAPs in the expected constraint suit any sample in a high probability. Besides, we propose a Stochastic Universal Adversarial Perturbation (SUAP) that involves additive noise and the expected constraint. Finally, by treating the proposed algorithm as a stochastic differential equation, we prove an upper bound of the UAP algorithm stability of SUAP, which decreases exponentially at the beginning and then increases with a sublinear rate to at most a fixed constant. Experimental results show that SUAP is aligned with our analysis.
AAAI-26 / IAAI-26 / EAAI-26 Proceedings Cover

Downloads

Published

2026-03-14

How to Cite

Jin, Y., Zhang, X., Tong, H., Lou, J., Wu, K., Hu, H., & Chen, X. (2026). Stochastic Universal Adversarial Perturbations with Fixed Optimization Constraint and Ensured High-probability Transferability. Proceedings of the AAAI Conference on Artificial Intelligence, 40(1), 516–524. https://doi.org/10.1609/aaai.v40i1.37015

Issue

Vol. 40 No. 1: AAAI-26 Technical Tracks 1

Section

AAAI Technical Track on Application Domains I