Frequency Domain Model Augmentation for Adversarial Attack
نویسندگان
چکیده
For black-box attacks, the gap between substitute model and victim is usually large, which manifests as a weak attack performance. Motivated by observation that transferability of adversarial examples can be improved attacking diverse models simultaneously, augmentation methods simulate different using transformed images are proposed. However, existing transformations for spatial domain do not translate to significantly augmented models. To tackle this issue, we propose novel spectrum simulation craft more transferable against both normally trained defense Specifically, apply transformation input thus perform in frequency domain. We theoretically prove derived from leads saliency map, an indicator proposed reflect diversity Notably, our method generally combined with attacks. Extensive experiments on ImageNet dataset demonstrate effectiveness method, e.g., nine state-of-the-art average success rate 95.4%. Our code available https://github.com/yuyang-long/SSA .
منابع مشابه
Adversarial Feature Augmentation for Unsupervised Domain Adaptation
Recent works showed that Generative Adversarial Networks (GANs) can be successfully applied in unsupervised domain adaptation, where, given a labeled source dataset and an unlabeled target dataset, the goal is to train powerful classifiers for the target samples. In particular, it was shown that a GAN objective function can be used to learn target features indistinguishable from the source ones...
متن کاملAdversarial Model for Radio Frequency Identification
Radio Frequency Identification (RFID) systems aim to identify objects in open environments with neither physical nor visual contact. They consist of transponders inserted into objects, of readers, and usually of a database which contains information about the objects. The key point is that authorised readers must be able to identify tags without an adversary being able to trace them. Traceabili...
متن کاملData Augmentation Generative Adversarial Networks
Effective training of neural networks requires much data. In the low-data regime, parameters are underdetermined, and learnt networks generalise poorly. Data Augmentation (Krizhevsky et al., 2012) alleviates this by using existing data more effectively. However standard data augmentation produces only limited plausible alternative data. Given there is potential to generate a much broader set of...
متن کاملHeuristic Process Model Simplification in Frequency Response Domain
Frequency response diagrams of a system include detailed and recognizable information about the structural and parameter effects of the transfer function model of the system. The information are qualitatively and quantitatively obtainable from simultaneous consideration of amplitude ratio and phase information. In this paper, some rules and relationships are presented for making use of frequenc...
متن کاملConditional Adversarial Domain Adaptation
Adversarial learning has been successfully embedded into deep networks to learn transferable features for domain adaptation, which reduce distribution discrepancy between the source and target domains and improve generalization performance. Prior domain adversarial adaptation methods could not align complex multimode distributions since the discriminative structures and inter-layer interactions...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Lecture Notes in Computer Science
سال: 2022
ISSN: ['1611-3349', '0302-9743']
DOI: https://doi.org/10.1007/978-3-031-19772-7_32