FACL-Attack: Frequency-Aware Contrastive Learning for Transferable Adversarial Attacks

TL;DR

This paper introduces a frequency-aware contrastive learning approach to generate adversarial examples with high transferability across different domains and models, addressing black-box attack challenges.

Contribution

It proposes a novel frequency domain contrastive learning method with domain randomization, improving transferability of adversarial attacks in black-box settings.

Findings

High transferability in cross-domain experiments

Effective separation of domain-invariant features

Maintains low inference time complexity

Abstract

Deep neural networks are known to be vulnerable to security risks due to the inherent transferable nature of adversarial examples. Despite the success of recent generative model-based attacks demonstrating strong transferability, it still remains a challenge to design an efficient attack strategy in a real-world strict black-box setting, where both the target domain and model architectures are unknown. In this paper, we seek to explore a feature contrastive approach in the frequency domain to generate adversarial examples that are robust in both cross-domain and cross-model settings. With that goal in mind, we propose two modules that are only employed during the training phase: a Frequency-Aware Domain Randomization (FADR) module to randomize domain-variant low- and high-range frequency components and a Frequency-Augmented Contrastive Learning (FACL) module to effectively separate domain-invariant mid-frequency features of clean and perturbed image. We demonstrate strong transferability of our generated adversarial perturbations through extensive cross-domain and cross-model experiments, while keeping the inference time complexity.