Meta Gradient Adversarial Attack
Zheng Yuan, Jie Zhang, Yunpei Jia, Chuanqi Tan, Tao Xue, Shiguang Shan

TL;DR
This paper introduces Meta Gradient Adversarial Attack (MGAA), a meta-learning-based framework that enhances the transferability of adversarial examples across models, outperforming existing methods on CIFAR10 and ImageNet.
Contribution
The paper proposes a novel plug-and-play meta-learning architecture that improves cross-model transferability of adversarial attacks by aligning gradient directions across models.
Findings
Outperforms state-of-the-art methods on CIFAR10 and ImageNet.
Effectively narrows the gap between white-box and black-box attack gradients.
Enhances transferability of adversarial examples across diverse models.
Abstract
In recent years, research on adversarial attacks has become a hot spot. Although current literature on the transfer-based adversarial attack has achieved promising results for improving the transferability to unseen black-box models, it still leaves a long way to go. Inspired by the idea of meta-learning, this paper proposes a novel architecture called Meta Gradient Adversarial Attack (MGAA), which is plug-and-play and can be integrated with any existing gradient-based attack method for improving the cross-model transferability. Specifically, we randomly sample multiple models from a model zoo to compose different tasks and iteratively simulate a white-box attack and a black-box attack in each task. By narrowing the gap between the gradient directions in white-box and black-box attacks, the transferability of adversarial examples on the black-box setting can be improved. Extensive…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Domain Adaptation and Few-Shot Learning
