Comment on Transferability and Input Transformation with Additive Noise
Hoki Kim, Jinseong Park, Jaewook Lee

TL;DR
This paper analyzes how input transformations with additive noise can enhance the transferability of adversarial examples across different neural network models, supported by mathematical proofs.
Contribution
It provides a mathematical analysis showing that certain input transformations can produce more transferable adversarial examples, advancing understanding of transferability.
Findings
Modified optimization increases transferability of adversarial examples
Mathematical proof supports the relationship between input noise and transferability
Enhances understanding of adversarial attack generalization
Abstract
Adversarial attacks have verified the existence of the vulnerability of neural networks. By adding small perturbations to a benign example, adversarial attacks successfully generate adversarial examples that lead to misclassification of deep learning models. More importantly, an adversarial example generated from a specific model can also deceive other models without modification. We call this phenomenon "transferability". Here, we analyze the relationship between transferability and input transformation with additive noise by mathematically proving that the modified optimization can produce more transferable adversarial examples.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Explainable Artificial Intelligence (XAI)
