Improving Sustainability of Adversarial Examples in Class-Incremental Learning

TL;DR

This paper introduces SAE, a novel method to improve the durability of adversarial examples in class-incremental learning, addressing domain drift and semantic stability issues with innovative modules.

Contribution

SAE combines a Semantic Correction Module and a Filtering-and-Augmentation Module to enhance adversarial example robustness against model updates in CIL.

Findings

SAE outperforms baselines by 31.28% on average.

SAE maintains adversarial effectiveness after multiple CIL updates.

The modules effectively stabilize adversarial semantics in dynamic models.

Abstract

Current adversarial examples (AEs) are typically designed for static models. However, with the wide application of Class-Incremental Learning (CIL), models are no longer static and need to be updated with new data distributed and labeled differently from the old ones. As a result, existing AEs often fail after CIL updates due to significant domain drift. In this paper, we propose SAE to enhance the sustainability of AEs against CIL. The core idea of SAE is to enhance the robustness of AE semantics against domain drift by making them more similar to the target class while distinguishing them from all other classes. Achieving this is challenging, as relying solely on the initial CIL model to optimize AE semantics often leads to overfitting. To resolve the problem, we propose a Semantic Correction Module. This module encourages the AE semantics to be generalized, based on a visual-language model capable of producing universal semantics. Additionally, it incorporates the CIL model to correct the optimization direction of the AE semantics, guiding them closer to the target class. To further reduce fluctuations in AE semantics, we propose a Filtering-and-Augmentation Module, which first identifies non-target examples with target-class semantics in the latent space and then augments them to foster more stable semantics. Comprehensive experiments demonstrate that SAE outperforms baselines by an average of 31.28% when updated with a 9-fold increase in the number of classes.