SpringerLink
Log in

Enhance the Transferability from an Overfitting Perspective

  • Conference paper
  • First Online:
Computer Supported Cooperative Work and Social Computing (ChineseCSCW 2023)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 2013))

  • 227 Accesses

Abstract

Deep neural networks perform best on a variety of collaborative computing tasks, but they are very susceptible to adversarial perturbations. Adversarial perturbations have been shown to be applicable in a variety of scenarios, and electronic data transmitted in the online world is highly vulnerable to adversarial examples. Adversarial attacks play a crucial role in robustness evaluation tests before deep neural networks are put to use. However, in the case where the attacker does not know the specific structure and parameters of the victim model, i.e., in the case of a black-box attack, the attacker can only deceive the victim model with a low success rate. The current black-box iterative attacks have two flaws. First, the iteration trajectories generated by existing attack methods lack diversity and adaptability. Second, insufficient efforts have been made to push adversarial examples towards incorrect classifications, which makes the adversarial examples not learn enough features of the wrong classification, resulting in lower transfer attack success rate. In this paper, we propose a scheme that can ameliorate these shortcomings. Our approach builds upon the Curls iteration, leveraging the Nesterov Accelerated Gradient method to accelerate gradient descent and introduce more diverse iteration trajectories. Additionally, to make the adversarial examples learn more features of the wrong classification, we further push the adversarial examples towards incorrect labels after successfully deceiving the model. Experimental results show that our scheme effectively enhances the transferability of generated adversarial examples across different network models.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
EUR 29.95
Price includes VAT (Germany)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
EUR 74.89
Price includes VAT (Germany)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
EUR 96.29
Price includes VAT (Germany)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free ship** worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Krizhevsky, A., Sutskever, I., Hinton, G.E.: Imagenet classification with deep convolutional neural networks. Commun. ACM 60(6), 84–90 (2017)

    Article  Google Scholar 

  2. Szegedy, C., Liu, W., Jia, Y., et al.: Going deeper with convolutions. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 1–9 (2015)

    Google Scholar 

  3. Long, J., Shelhamer, E., Darrell, T.: Fully convolutional networks for semantic segmentation. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 3431–3440 (2015)

    Google Scholar 

  4. Szegedy, C., Zaremba, W., Sutskever, I., et al.: Intriguing properties of neural networks. ar**v preprint ar**v:1312.6199 (2013)

  5. Goodfellow, I.J., Shlens, J., Szegedy, C.: Explaining and Harnessing Adversarial Examples. International Conference on Learning Representations (2015)

    Google Scholar 

  6. Arnab, A., Miksik, O., Torr, P.H.S.: On the robustness of semantic segmentation models to adversarial attacks. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 888–897 (2018)

    Google Scholar 

  7. Tramr, F., Kurakin, A., Papernot, N., et al.: Ensemble adversarial training: attacks and defenses. Int. Conf. Learn. Represent. 1, 2 (2018)

    Google Scholar 

  8. Ilyas, A., Santurkar, S., Tsipras, D., et al.: Adversarial examples are not bugs, they are features. In: Proceedings of the 33rd International Conference on Neural Information Processing Systems, pp. 125–136 (2019)

    Google Scholar 

  9. Papernot, N., McDaniel, P., Goodfellow, I., et al.: Practical black-box attacks against machine learning. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 506–519 (2017)

    Google Scholar 

  10. Li, X.C., Zhang, X.Y., Yin, F., et al.: F-mixup: attack CNNs from fourier perspective. In: 2020 25th International Conference on Pattern Recognition (ICPR), pp. 541–548. IEEE (2021)

    Google Scholar 

  11. Kurakin, A., Goodfellow, I.J., Bengio, S.: Adversarial examples in the physical world. In: Artificial Intelligence Safety and Security, pp. 99–112. Chapman and Hall/CRC (2018)

    Google Scholar 

  12. Kurakin, A., Goodfellow, I., Bengio, S.: Adversarial machine learning at scale. ar**v preprint ar**v:1611.01236 (2016)

  13. Dong, Y., Liao, F., Pang, T., et al.: Boosting adversarial attacks with momentum. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 9185–9193 (2018)

    Google Scholar 

  14. Li, M., Deng, C., Li, T., et al.: Towards transferable targeted attack. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pp. 641–649 (2020)

    Google Scholar 

  15. Pan, W.W., Wang, X.Y., Song, M.L., Chen, C.: Survey on generating adversarial examples. J. Softw. 31(1), 67–81 (2020)

    Article  Google Scholar 

  16. Polyak, B.T.: Some methods of speeding up the convergence of iteration methods. USSR Comput. Math. Math. Phys. 4(5), 1–17 (1964)

    Article  Google Scholar 

  17. Du, Y., Shao, W., Chai, Z., et al.: Synaptic 1/f noise injection for overfitting suppression in hardware neural networks. Neuromorph. Comput. Eng. 2(3), 034006 (2022)

    Article  Google Scholar 

  18. Bejani, M.M., Ghatee, M.: A systematic review on overfitting control in shallow and deep neural networks. Artif. Intell. Rev. 54(8), 6391–6438 (2021)

    Google Scholar 

  19. **e, Z., He, F., Fu, S., et al.: Artificial neural variability for deep learning: on overfitting, noise memorization, and catastrophic forgetting. Neural Comput. 33(8), 2163–2192 (2021)

    Article  MathSciNet  Google Scholar 

  20. Khosla, A., Jayadevaprakash, N., Yao, B., et al.: Novel dataset for fine-grained image categorization: stanford dogs. In: Proceedings of the CVPR Workshop on Fine-Grained Visual Categorization (FGVC). Citeseer, vol. 2, no. 1 (2011)

    Google Scholar 

  21. Szegedy, C., Vanhoucke, V., Ioffe, S., et al.: Rethinking the inception architecture for computer vision. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 2818–2826 (2016)

    Google Scholar 

  22. Szegedy, C., Ioffe, S., Vanhoucke, V., et al.: Inception-v4, inception-resnet and the impact of residual connections on learning. Proc. AAAI Conf. Artif. Intell. 31(1) (2017)

    Google Scholar 

  23. He, K., Zhang, X., Ren, S., et al.: Deep residual learning for image recognition. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 770–778 (2016)

    Google Scholar 

  24. Luo, Y., Boix, X., Roig, G., et al.: Foveation-based mechanisms alleviate adversarial examples. ar**v preprint ar**v:1511.06292 (2015)

Download references

Acknowledgements

This article is supported by the National Natural Science Foundation of China (62372131).

Author information

Authors and Affiliations

  1. College of Information and Communication Engineering, Harbin Engineering University, Harbin, 150001, China

    Tong Wang, Zijiang Shan, Jie Guo & Wei Song

Authors
  1. Tong Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Zijiang Shan
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jie Guo
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Wei Song
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jie Guo .

Editor information

Editors and Affiliations

  1. Shandong University, **an, China

    Yuqing Sun

  2. Fudan University, Shanghai, China

    Tun Lu

  3. Harbin Engineering University, Harbin, China

    Tong Wang

  4. Tongji University, Shanghai, China

    Hongfei Fan

  5. Guangdong University of Technology, Guangzhou, China

    Dongning Liu

  6. Tongji University, Shanghai, China

    Bowen Du

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Wang, T., Shan, Z., Guo, J., Song, W. (2024). Enhance the Transferability from an Overfitting Perspective. In: Sun, Y., Lu, T., Wang, T., Fan, H., Liu, D., Du, B. (eds) Computer Supported Cooperative Work and Social Computing. ChineseCSCW 2023. Communications in Computer and Information Science, vol 2013. Springer, Singapore. https://doi.org/10.1007/978-981-99-9640-7_18

Download citation

  • DOI: https://doi.org/10.1007/978-981-99-9640-7_18

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-9639-1

  • Online ISBN: 978-981-99-9640-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation