Saved in:
Bibliographic Details
Main Authors: Gonçalves, Taïga, Miyazaki, Tomo, Omachi, Shinichiro
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2505.20782
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866908658348064768
author Gonçalves, Taïga
Miyazaki, Tomo
Omachi, Shinichiro
author_facet Gonçalves, Taïga
Miyazaki, Tomo
Omachi, Shinichiro
contents Multi-targeted adversarial attacks aim to mislead classifiers toward specific target classes using a single perturbation generator with a conditional input specifying the desired target class. Existing methods face two key limitations: (1) a single generator supports only a limited number of predefined target classes, and (2) it requires access to the victim model's training data to learn target class semantics. This dependency raises data leakage concerns in practical black-box scenarios where the training data is typically private. To address these limitations, we propose a novel Cross-Domain Multi-Targeted Attack (CD-MTA) that can generate perturbations toward arbitrary target classes, even those that do not exist in the attacker's training data. CD-MTA is trained on a single public dataset but can perform targeted attacks on black-box models trained on different datasets with disjoint and unknown class sets. Our method requires only a single example image that visually represents the desired target class, without relying its label, class distribution or pretrained embeddings. We achieve this through a Feature Injection Module (FIM) and class-agnostic objectives which guide the generator to extract transferable, fine-grained features from the target image without inferring class semantics. Experiments on ImageNet and seven additional datasets show that CD-MTA outperforms existing multi-targeted attack methods on unseen target classes in black-box and cross-domain scenarios. The code is available at https://github.com/tgoncalv/CD-MTA.
format Preprint
id arxiv_https___arxiv_org_abs_2505_20782
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Towards Cross-Domain Multi-Targeted Adversarial Attacks
Gonçalves, Taïga
Miyazaki, Tomo
Omachi, Shinichiro
Computer Vision and Pattern Recognition
Multi-targeted adversarial attacks aim to mislead classifiers toward specific target classes using a single perturbation generator with a conditional input specifying the desired target class. Existing methods face two key limitations: (1) a single generator supports only a limited number of predefined target classes, and (2) it requires access to the victim model's training data to learn target class semantics. This dependency raises data leakage concerns in practical black-box scenarios where the training data is typically private. To address these limitations, we propose a novel Cross-Domain Multi-Targeted Attack (CD-MTA) that can generate perturbations toward arbitrary target classes, even those that do not exist in the attacker's training data. CD-MTA is trained on a single public dataset but can perform targeted attacks on black-box models trained on different datasets with disjoint and unknown class sets. Our method requires only a single example image that visually represents the desired target class, without relying its label, class distribution or pretrained embeddings. We achieve this through a Feature Injection Module (FIM) and class-agnostic objectives which guide the generator to extract transferable, fine-grained features from the target image without inferring class semantics. Experiments on ImageNet and seven additional datasets show that CD-MTA outperforms existing multi-targeted attack methods on unseen target classes in black-box and cross-domain scenarios. The code is available at https://github.com/tgoncalv/CD-MTA.
title Towards Cross-Domain Multi-Targeted Adversarial Attacks
topic Computer Vision and Pattern Recognition
url https://arxiv.org/abs/2505.20782