Evaluating Transferability of Attacks across Generative Models
Adversarial sample transferability matters because it is what makes attacks on black-box deep learning models possible. Whereas much recent work focuses on making untargeted adversarial attacks more transferable, there has been scarce research on creating transferable targeted adversarial instances that can trick models into believing an input belongs to a particular class. Existing targeted adversarial attacks transfer poorly because they cannot adequately capture the distribution of the target class. In this paper, we propose a generative adversarial training system consisting of a generator that constructs targeted adversarial examples and a feature-label dual discriminator that distinguishes those adversarial instances from genuine target-class images. We conclude that adversarial scenarios have significant real-world relevance in safety-critical fields like biometrics and autonomous driving. In addition, we show that current networks' susceptibility to hostile attacks, even under the most restrictive black-box conditions, has far-reaching societal consequences. We intend to encourage further research into the inner workings of neural networks in the face of adversarial attacks, so that this knowledge can be used to build robust defense mechanisms.