GADT: Enhancing Transferable Adversarial Attacks through Gradient-guided Adversarial Data Transformation

TL;DR

GADT is a novel data augmentation-based adversarial attack method that optimizes augmentation parameters using gradient guidance, improving transferability and effectiveness in black-box scenarios.

Contribution

The paper introduces GADT, a new attack algorithm that employs differentiable data augmentation and a novel loss function to enhance transferability of adversarial examples.

Findings

GADT improves attack success rates across multiple datasets and models.

GADT effectively updates data augmentation parameters in black-box attack scenarios.

The method maintains attack crypticity while enhancing adversarial strength.

Abstract

Current Transferable Adversarial Examples (TAE) are primarily generated by adding Adversarial Noise (AN). Recent studies emphasize the importance of optimizing Data Augmentation (DA) parameters along with AN, which poses a greater threat to real-world AI applications. However, existing DA-based strategies often struggle to find optimal solutions due to the challenging DA search procedure without proper guidance. In this work, we propose a novel DA-based attack algorithm, GADT. GADT identifies suitable DA parameters through iterative antagonism and uses posterior estimates to update AN based on these parameters. We uniquely employ a differentiable DA operation library to identify adversarial DA parameters and introduce a new loss function as a metric during DA optimization. This loss term enhances adversarial effects while preserving the original image content, maintaining attack crypticity. Extensive experiments on public datasets with various networks demonstrate that GADT can be integrated with existing transferable attack methods, updating their DA parameters effectively while retaining their AN formulation strategies. Furthermore, GADT can be utilized in other black-box attack scenarios, e.g., query-based attacks, offering a new avenue to enhance attacks on real-world AI applications in both research and industrial contexts.