Data-free Universal Adversarial Perturbation with Pseudo-semantic Prior

TL;DR

This paper introduces a novel data-free universal adversarial perturbation method that extracts pseudo-semantic priors during training, significantly improving transferability and fooling rate across CNNs without relying on data.

Contribution

The method recursively extracts pseudo-semantic priors from UAPs to enhance semantic content and transferability in data-free adversarial attacks, surpassing existing approaches.

Findings

Achieves state-of-the-art fooling rates on ImageNet

Significantly improves transferability across CNN architectures

Outperforms existing data-free and data-dependent UAP methods

Abstract

Data-free Universal Adversarial Perturbation (UAP) is an image-agnostic adversarial attack that deceives deep neural networks using a single perturbation generated solely from random noise without relying on data priors. However, traditional data-free UAP methods often suffer from limited transferability due to the absence of semantic content in random noise. To address this issue, we propose a novel data-free universal attack method that recursively extracts pseudo-semantic priors directly from the UAPs during training to enrich the semantic content within the data-free UAP framework. Our approach effectively leverages latent semantic information within UAPs via region sampling, enabling successful input transformations-typically ineffective in traditional data-free UAP methods due to the lack of semantic cues-and significantly enhancing black-box transferability. Furthermore, we introduce a sample reweighting technique to mitigate potential imbalances from random sampling and transformations, emphasizing hard examples less affected by the UAPs. Comprehensive experiments on ImageNet show that our method achieves state-of-the-art performance in average fooling rate by a substantial margin, notably improves attack transferability across various CNN architectures compared to existing data-free UAP methods, and even surpasses data-dependent UAP methods. Code is available at: https://github.com/ChnanChan/PSP-UAP.