
FACL-Attack: Frequency-Aware Contrastive Learning for Transferable Adversarial Attacks

Published 30 Jul 2024 in cs.CV, cs.AI, and cs.LG | (2407.20653v1)

Abstract: Deep neural networks are known to be vulnerable to security risks due to the inherent transferable nature of adversarial examples. Despite the success of recent generative model-based attacks demonstrating strong transferability, it still remains a challenge to design an efficient attack strategy in a real-world strict black-box setting, where both the target domain and model architectures are unknown. In this paper, we seek to explore a feature contrastive approach in the frequency domain to generate adversarial examples that are robust in both cross-domain and cross-model settings. With that goal in mind, we propose two modules that are only employed during the training phase: a Frequency-Aware Domain Randomization (FADR) module to randomize domain-variant low- and high-range frequency components and a Frequency-Augmented Contrastive Learning (FACL) module to effectively separate domain-invariant mid-frequency features of clean and perturbed images. We demonstrate strong transferability of our generated adversarial perturbations through extensive cross-domain and cross-model experiments, while keeping the inference time complexity.
