Dual-Flow: Transferable Multi-Target, Instance-Agnostic Attacks via In-the-wild Cascading Flow Optimization

TL;DR

Dual-Flow introduces a novel cascading flow optimization framework that enhances the transferability and robustness of multi-target, instance-agnostic adversarial attacks across different models.

Contribution

It proposes a new Dual-Flow framework with Cascading Distribution Shift Training to improve transfer success rates for multi-target adversarial attacks.

Findings

Increases transfer success rate from Inception-v3 to ResNet-152 by 34.58%.

Demonstrates stronger robustness against defense mechanisms.

Significantly outperforms previous multi-target generative attacks.

Abstract

Adversarial attacks are widely used to evaluate model robustness, and in black-box scenarios, the transferability of these attacks becomes crucial. Existing generator-based attacks have excellent generalization and transferability due to their instance-agnostic nature. However, when training generators for multi-target tasks, the success rate of transfer attacks is relatively low due to the limitations of the model's capacity. To address these challenges, we propose a novel Dual-Flow framework for multi-target instance-agnostic adversarial attacks, utilizing Cascading Distribution Shift Training to develop an adversarial velocity function. Extensive experiments demonstrate that Dual-Flow significantly improves transferability over previous multi-target generative attacks. For example, it increases the success rate from Inception-v3 to ResNet-152 by 34.58\%. Furthermore, our attack method shows substantially stronger robustness against defense mechanisms, such as adversarially trained models. The code of Dual-Flow is available at: $\href{https://github.com/Chyxx/Dual-Flow}{https://github.com/Chyxx/Dual-Flow}$.