Towards Cross-Domain Multi-Targeted Adversarial Attacks
Ta\"iga Gon\c{c}alves, Tomo Miyazaki, Shinichiro Omachi
TL;DR
This paper introduces CD-MTA, a novel adversarial attack method capable of targeting arbitrary classes across different datasets without prior class knowledge, using only a single example image.
Contribution
It proposes a cross-domain, multi-targeted attack framework that does not require training data or class labels, enabling effective black-box attacks on unseen and cross-domain target classes.
Findings
Outperforms existing methods on unseen target classes
Effective in black-box and cross-domain scenarios
Requires only a single example image for target class representation
Abstract
Multi-targeted adversarial attacks aim to mislead classifiers toward specific target classes using a single perturbation generator with a conditional input specifying the desired target class. Existing methods face two key limitations: (1) a single generator supports only a limited number of predefined target classes, and (2) it requires access to the victim model's training data to learn target class semantics. This dependency raises data leakage concerns in practical black-box scenarios where the training data is typically private. To address these limitations, we propose a novel Cross-Domain Multi-Targeted Attack (CD-MTA) that can generate perturbations toward arbitrary target classes, even those that do not exist in the attacker's training data. CD-MTA is trained on a single public dataset but can perform targeted attacks on black-box models trained on different datasets with…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAnomaly Detection Techniques and Applications · Adversarial Robustness in Machine Learning