Saved in:
Bibliographic Details
Main Authors: Fang, Hao, Kong, Jiawei, Chen, Bin, Dai, Tao, Wu, Hao, Xia, Shu-Tao
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2407.10179
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866912056252301312
author Fang, Hao
Kong, Jiawei
Chen, Bin
Dai, Tao
Wu, Hao
Xia, Shu-Tao
author_facet Fang, Hao
Kong, Jiawei
Chen, Bin
Dai, Tao
Wu, Hao
Xia, Shu-Tao
contents Transferable targeted adversarial attacks aim to mislead models into outputting adversary-specified predictions in black-box scenarios. Recent studies have introduced \textit{single-target} generative attacks that train a generator for each target class to generate highly transferable perturbations, resulting in substantial computational overhead when handling multiple classes. \textit{Multi-target} attacks address this by training only one class-conditional generator for multiple classes. However, the generator simply uses class labels as conditions, failing to leverage the rich semantic information of the target class. To this end, we design a \textbf{C}LIP-guided \textbf{G}enerative \textbf{N}etwork with \textbf{C}ross-attention modules (CGNC) to enhance multi-target attacks by incorporating textual knowledge of CLIP into the generator. Extensive experiments demonstrate that CGNC yields significant improvements over previous multi-target generative attacks, e.g., a 21.46\% improvement in success rate from ResNet-152 to DenseNet-121. Moreover, we propose a masked fine-tuning mechanism to further strengthen our method in attacking a single class, which surpasses existing single-target methods.
format Preprint
id arxiv_https___arxiv_org_abs_2407_10179
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle CLIP-Guided Generative Networks for Transferable Targeted Adversarial Attacks
Fang, Hao
Kong, Jiawei
Chen, Bin
Dai, Tao
Wu, Hao
Xia, Shu-Tao
Computer Vision and Pattern Recognition
Transferable targeted adversarial attacks aim to mislead models into outputting adversary-specified predictions in black-box scenarios. Recent studies have introduced \textit{single-target} generative attacks that train a generator for each target class to generate highly transferable perturbations, resulting in substantial computational overhead when handling multiple classes. \textit{Multi-target} attacks address this by training only one class-conditional generator for multiple classes. However, the generator simply uses class labels as conditions, failing to leverage the rich semantic information of the target class. To this end, we design a \textbf{C}LIP-guided \textbf{G}enerative \textbf{N}etwork with \textbf{C}ross-attention modules (CGNC) to enhance multi-target attacks by incorporating textual knowledge of CLIP into the generator. Extensive experiments demonstrate that CGNC yields significant improvements over previous multi-target generative attacks, e.g., a 21.46\% improvement in success rate from ResNet-152 to DenseNet-121. Moreover, we propose a masked fine-tuning mechanism to further strengthen our method in attacking a single class, which surpasses existing single-target methods.
title CLIP-Guided Generative Networks for Transferable Targeted Adversarial Attacks
topic Computer Vision and Pattern Recognition
url https://arxiv.org/abs/2407.10179