Two Heads Are Better Than One: Averaging along Fine-Tuning to Improve Targeted Transferability

Two Heads Are Better Than One: Averaging along Fine-Tuning to Improve Targeted Transferability
{getToc} $title={Table of Contents}

Summary

The paper proposes a novel method, Averaging along Fine-tuning (AaF), to improve the targeted transferability of adversarial examples. AaF averages the fine-tuning trajectory to steer the adversarial example towards a more centered region, enhancing its transferability.

Highlights

  • AaF method averages the fine-tuning trajectory to improve targeted transferability.
  • The proposed method is compared to existing fine-tuning schemes, ILA and FFT.
  • AaF is integrated with state-of-the-art iterative targeted attacks.
  • The method is evaluated on various transfer scenarios, including CNNs and transformers.
  • AaF improves the attack success rate in both random-target and most difficult-target scenarios.
  • The method is compared to generative attacks, TTP and C-GSP.
  • AaF is found to be superior to existing fine-tuning schemes and can boost targeted transferability universally.

Key Insights

  • AaF's averaging process encourages the adversarial example to move towards a more centered region, enhancing its transferability.
  • The decaying factor γ in AaF controls the trade-off between exploration and exploitation, with γ = 0.8 being a good choice.
  • AaF improves the attack success rate in both random-target and most difficult-target scenarios, demonstrating its effectiveness.
  • The method's performance is comparable to or even better than generative attacks, TTP and C-GSP, in some scenarios.
  • AaF's superiority is attributed to its ability to exploit the fine-tuning trajectory information more effectively than existing fine-tuning schemes.
  • The results demonstrate that AaF can boost targeted transferability universally, making it a valuable tool for evaluating the robustness of deep neural networks.
  • The comparison with generative attacks highlights the effectiveness of AaF in improving targeted transferability, especially in scenarios with low perturbation budgets.

Mindmap

If MindMap doesn't load, go to the Homepage and visit blog again or Switch to Android App (Under Development).


Citation

Zeng, H., Cui, S., Chen, B., & Peng, A. (2024). Two Heads Are Better Than One: Averaging along Fine-Tuning to Improve Targeted Transferability (Version 1). arXiv. https://doi.org/10.48550/ARXIV.2412.20807

Tags

You may like these posts

Previous Post Next Post

Contact Form