Any Target Can be Offense: Adversarial Example Generation via Generalized Latent Infection

TL;DR

GAKer is a novel class-agnostic, model-agnostic adversarial attack method that generates targeted adversarial examples for both known and unknown classes by injecting latent representations, revealing vulnerabilities across a wider range of DNNs.

Contribution

We introduce GAKer, a generalized adversarial attack framework that constructs adversarial examples for any target class using latent infection, extending attack capabilities to unknown classes.

Findings

Achieves 14.13% higher success rate on unknown classes

Achieves 4.23% higher success rate on known classes

Effectively reveals vulnerabilities of DNNs across diverse classes

Abstract

Targeted adversarial attack, which aims to mislead a model to recognize any image as a target object by imperceptible perturbations, has become a mainstream tool for vulnerability assessment of deep neural networks (DNNs). Since existing targeted attackers only learn to attack known target classes, they cannot generalize well to unknown classes. To tackle this issue, we propose $\bf{G}$eneralized $\bf{A}$dversarial attac$\bf{KER}$ ($\bf{GAKer}$), which is able to construct adversarial examples to any target class. The core idea behind GAKer is to craft a latently infected representation during adversarial example generation. To this end, the extracted latent representations of the target object are first injected into intermediate features of an input image in an adversarial generator. Then, the generator is optimized to ensure visual consistency with the input image while being close to the target object in the feature space. Since the GAKer is class-agnostic yet model-agnostic, it can be regarded as a general tool that not only reveals the vulnerability of more DNNs but also identifies deficiencies of DNNs in a wider range of classes. Extensive experiments have demonstrated the effectiveness of our proposed method in generating adversarial examples for both known and unknown classes. Notably, compared with other generative methods, our method achieves an approximately $14.13\%$ higher attack success rate for unknown classes and an approximately $4.23\%$ higher success rate for known classes. Our code is available in https://github.com/VL-Group/GAKer.