Abstract
Deep neural networks achieve the best results on a variety of collaborative computing tasks, but they are highly susceptible to adversarial perturbations. Such perturbations have been shown to apply in many scenarios, and electronic data transmitted online is particularly exposed to adversarial examples. Adversarial attacks therefore play a crucial role in the robustness evaluation that deep neural networks undergo before deployment. However, when the attacker does not know the structure and parameters of the victim model, i.e., in the black-box setting, the attacker can deceive the victim model only with a low success rate. Current black-box iterative attacks have two flaws. First, the iteration trajectories produced by existing attack methods lack diversity and adaptability. Second, insufficient effort is made to push adversarial examples towards the incorrect classification, so the adversarial examples do not learn enough features of the wrong class, which lowers the transfer attack success rate. In this paper, we propose a scheme that addresses both shortcomings. Our approach builds on the Curls iteration and uses the Nesterov Accelerated Gradient method to accelerate gradient descent and introduce more diverse iteration trajectories. Additionally, so that the adversarial examples learn more features of the wrong class, we continue to push them towards the incorrect label after the model has already been deceived. Experimental results show that our scheme effectively enhances the transferability of the generated adversarial examples across different network models.
Acknowledgements
This article is supported by the National Natural Science Foundation of China (62372131).
© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
Cite this paper
Wang, T., Shan, Z., Guo, J., Song, W. (2024). Enhance the Transferability from an Overfitting Perspective. In: Sun, Y., Lu, T., Wang, T., Fan, H., Liu, D., Du, B. (eds) Computer Supported Cooperative Work and Social Computing. ChineseCSCW 2023. Communications in Computer and Information Science, vol 2013. Springer, Singapore. https://doi.org/10.1007/978-981-99-9640-7_18
DOI: https://doi.org/10.1007/978-981-99-9640-7_18
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-9639-1
Online ISBN: 978-981-99-9640-7
eBook Packages: Computer Science (R0)