AIM: Additional Image Guided Generation of Transferable Adversarial Attacks

TL;DR

This paper introduces a novel semantic injection module that uses guiding images to significantly improve the transferability of targeted adversarial attacks on deep neural networks.

Contribution

We propose a plug-and-play Semantic Injection Module that leverages guiding images to enhance the transferability of generative targeted adversarial attacks.

Findings

The proposed method outperforms existing attack models in transferability.

Semantic injection improves targeted attack success rates.

Our approach is effective under both targeted and untargeted attack settings.

Abstract

Transferable adversarial examples highlight the vulnerability of deep neural networks (DNNs) to imperceptible perturbations across various real-world applications. While there have been notable advancements in untargeted transferable attacks, targeted transferable attacks remain a significant challenge. In this work, we focus on generative approaches for targeted transferable attacks. Current generative attacks focus on reducing overfitting to surrogate models and the source data domain, but they often overlook the importance of enhancing transferability through additional semantics. To address this issue, we introduce a novel plug-and-play module into the general generator architecture to enhance adversarial transferability. Specifically, we propose a \emph{Semantic Injection Module} (SIM) that utilizes the semantics contained in an additional guiding image to improve transferability. The guiding image provides a simple yet effective method to incorporate target semantics from the target class to create targeted and highly transferable attacks. Additionally, we propose new loss formulations that can integrate the semantic injection module more effectively for both targeted and untargeted attacks. We conduct comprehensive experiments under both targeted and untargeted attack settings to demonstrate the efficacy of our proposed approach.