Stealthy Multi-Task Adversarial Attacks

TL;DR

This paper introduces a novel stealthy multi-task adversarial attack method that selectively targets one task in a multi-task neural network while preserving others, using imperceptible noise and automated loss weighting.

Contribution

It presents the first effective framework for targeted multi-task adversarial attacks with automated loss weight optimization, enhancing attack stealthiness and efficiency.

Findings

Successfully attacks target tasks while maintaining non-target task performance

Automated loss weight search matches manual tuning in effectiveness

Achieves state-of-the-art results in multi-task adversarial attacks

Abstract

Deep Neural Networks exhibit inherent vulnerabilities to adversarial attacks, which can significantly compromise their outputs and reliability. While existing research primarily focuses on attacking single-task scenarios or indiscriminately targeting all tasks in multi-task environments, we investigate selectively targeting one task while preserving performance in others within a multi-task framework. This approach is motivated by varying security priorities among tasks in real-world applications, such as autonomous driving, where misinterpreting critical objects (e.g., signs, traffic lights) poses a greater security risk than minor depth miscalculations. Consequently, attackers may hope to target security-sensitive tasks while avoiding non-critical tasks from being compromised, thus evading being detected before compromising crucial functions. In this paper, we propose a method for the stealthy multi-task attack framework that utilizes multiple algorithms to inject imperceptible noise into the input. This novel method demonstrates remarkable efficacy in compromising the target task while simultaneously maintaining or even enhancing performance across non-targeted tasks - a criterion hitherto unexplored in the field. Additionally, we introduce an automated approach for searching the weighting factors in the loss function, further enhancing attack efficiency. Experimental results validate our framework's ability to successfully attack the target task while preserving the performance of non-targeted tasks. The automated loss function weight searching method demonstrates comparable efficacy to manual tuning, establishing a state-of-the-art multi-task attack framework.