Saved in:
Bibliographic Details
Main Authors: Liu, Taifeng, Liu, Xinjing, Dong, Liangqiu, Liu, Yang, Yang, Yilong, Ma, Zhuo
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2511.09088
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866908647822458880
author Liu, Taifeng
Liu, Xinjing
Dong, Liangqiu
Liu, Yang
Yang, Yilong
Ma, Zhuo
author_facet Liu, Taifeng
Liu, Xinjing
Dong, Liangqiu
Liu, Yang
Yang, Yilong
Ma, Zhuo
contents Current adversarial examples (AEs) are typically designed for static models. However, with the wide application of Class-Incremental Learning (CIL), models are no longer static and need to be updated with new data distributed and labeled differently from the old ones. As a result, existing AEs often fail after CIL updates due to significant domain drift. In this paper, we propose SAE to enhance the sustainability of AEs against CIL. The core idea of SAE is to enhance the robustness of AE semantics against domain drift by making them more similar to the target class while distinguishing them from all other classes. Achieving this is challenging, as relying solely on the initial CIL model to optimize AE semantics often leads to overfitting. To resolve the problem, we propose a Semantic Correction Module. This module encourages the AE semantics to be generalized, based on a visual-language model capable of producing universal semantics. Additionally, it incorporates the CIL model to correct the optimization direction of the AE semantics, guiding them closer to the target class. To further reduce fluctuations in AE semantics, we propose a Filtering-and-Augmentation Module, which first identifies non-target examples with target-class semantics in the latent space and then augments them to foster more stable semantics. Comprehensive experiments demonstrate that SAE outperforms baselines by an average of 31.28% when updated with a 9-fold increase in the number of classes.
format Preprint
id arxiv_https___arxiv_org_abs_2511_09088
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Improving Sustainability of Adversarial Examples in Class-Incremental Learning
Liu, Taifeng
Liu, Xinjing
Dong, Liangqiu
Liu, Yang
Yang, Yilong
Ma, Zhuo
Cryptography and Security
Artificial Intelligence
Current adversarial examples (AEs) are typically designed for static models. However, with the wide application of Class-Incremental Learning (CIL), models are no longer static and need to be updated with new data distributed and labeled differently from the old ones. As a result, existing AEs often fail after CIL updates due to significant domain drift. In this paper, we propose SAE to enhance the sustainability of AEs against CIL. The core idea of SAE is to enhance the robustness of AE semantics against domain drift by making them more similar to the target class while distinguishing them from all other classes. Achieving this is challenging, as relying solely on the initial CIL model to optimize AE semantics often leads to overfitting. To resolve the problem, we propose a Semantic Correction Module. This module encourages the AE semantics to be generalized, based on a visual-language model capable of producing universal semantics. Additionally, it incorporates the CIL model to correct the optimization direction of the AE semantics, guiding them closer to the target class. To further reduce fluctuations in AE semantics, we propose a Filtering-and-Augmentation Module, which first identifies non-target examples with target-class semantics in the latent space and then augments them to foster more stable semantics. Comprehensive experiments demonstrate that SAE outperforms baselines by an average of 31.28% when updated with a 9-fold increase in the number of classes.
title Improving Sustainability of Adversarial Examples in Class-Incremental Learning
topic Cryptography and Security
Artificial Intelligence
url https://arxiv.org/abs/2511.09088