CT-GAT: Cross-Task Generative Adversarial Attack based on Transferability

TL;DR

This paper introduces CT-GAT, a novel generative adversarial attack method that leverages transferable features across multiple tasks to create effective adversarial examples without relying on substitute models.

Contribution

The paper proposes a universal adversarial attack framework that directly constructs adversarial examples across tasks by training a sequence-to-sequence generative model on multi-task adversarial data.

Findings

Achieves superior attack performance on ten datasets

Demonstrates transferability of adversarial features across tasks

Operates with low computational cost

Abstract

Neural network models are vulnerable to adversarial examples, and adversarial transferability further increases the risk of adversarial attacks. Current methods based on transferability often rely on substitute models, which can be impractical and costly in real-world scenarios due to the unavailability of training data and the victim model's structural details. In this paper, we propose a novel approach that directly constructs adversarial examples by extracting transferable features across various tasks. Our key insight is that adversarial transferability can extend across different tasks. Specifically, we train a sequence-to-sequence generative model named CT-GAT using adversarial sample data collected from multiple tasks to acquire universal adversarial features and generate adversarial examples for different tasks. We conduct experiments on ten distinct datasets, and the results demonstrate that our method achieves superior attack performance with small cost.