Basic Concepts
Adversarial examples are inputs carrying imperceptible perturbations that can fool deep neural networks. They exhibit the intriguing property of transferability: perturbations crafted for one model can also deceive other models with different architectures. This survey explores the latest research on enhancing the transferability of adversarial examples across deep neural networks.
Summary
This survey provides a comprehensive overview of the current research on enhancing the transferability of adversarial examples across deep neural networks. It first introduces the terminology, mathematical notations, and the formulation and evaluation of adversarial transferability.
The main body of the survey is divided into three sections:
Optimization-Based Transferable Attacks:
Data Augmentation-Based Methods: These methods apply various input transformations, such as random resizing, padding, and scaling, to increase the diversity of the inputs and improve transferability.
Optimization Technique-Based Methods: These methods focus on improving the optimization process itself, incorporating techniques like momentum, Nesterov acceleration, and variance reduction to enhance the transferability of the generated adversarial perturbations.
Loss Objective-Based Methods: These methods explore alternative loss functions, such as normalized cross-entropy, Poincaré distance metric, and triplet loss, to better guide the optimization towards generating transferable adversarial examples.
Model Component-Based Methods: These methods leverage the intermediate features and representations of the surrogate model to generate adversarial perturbations that are more transferable across different architectures.
Generation-Based Transferable Attacks:
Unconditional Generation: These methods use generative models, such as GANs and VAEs, to directly synthesize transferable adversarial examples without relying on a specific surrogate model.
Class-conditional Generation: These methods leverage class-conditional generative models to generate adversarial examples that are tailored to specific target classes, aiming to improve the transferability of targeted attacks.
Adversarial Transferability Beyond Image Classification:
The survey also discusses the research on adversarial transferability in other computer vision tasks, such as image retrieval, object detection, and segmentation, as well as in natural language processing tasks.
Finally, the survey outlines the current challenges and future research opportunities in the field of adversarial transferability, highlighting the importance of understanding and addressing this vulnerability to ensure the robustness and reliability of deep neural networks in real-world applications.
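The evaluation of transferability mentioned in the summary can be made concrete with a small robustness-measurement harness. The following is an added example, not code from the survey: two toy linear classifiers and eight constructed data points (all names and values are assumptions), with perturbations crafted on the surrogate by a single sign-gradient step under an L-infinity budget and then scored on the target.

```python
# Added example: toy transfer-rate evaluation (constructed models and data).

def score(w, x):
    return sum(wi * xi for wi, xi in zip(w, x))

def predict(w, x):
    return 1 if score(w, x) > 0 else -1

def sign(v):
    return (v > 0) - (v < 0)

def craft(w_surrogate, x, y, eps):
    """One sign-gradient step on the surrogate, inside an L-inf ball of radius eps.

    For logistic loss on a linear model, d(loss)/dx = -y * sigmoid(-y * w.x) * w,
    so the sign of the gradient is sign(-y * w).
    """
    return [xi + eps * sign(-y * wi) for xi, wi in zip(x, w_surrogate)]

def transfer_report(w_surrogate, w_target, data, eps):
    """Return (white_box_rate, transfer_rate).

    Only samples that both models classify correctly on clean input are
    counted, so a misclassification afterwards is due to the perturbation.
    """
    eligible = [(x, y) for x, y in data
                if predict(w_surrogate, x) == y and predict(w_target, x) == y]
    if not eligible:
        raise ValueError("no sample is classified correctly by both models")
    adv = [(craft(w_surrogate, x, y, eps), y) for x, y in eligible]
    white = sum(predict(w_surrogate, xa) != y for xa, y in adv)
    trans = sum(predict(w_target, xa) != y for xa, y in adv)
    return white / len(adv), trans / len(adv)

# Constructed toy models: the target weights the second feature less.
W_SURROGATE = [1.0, 1.0]
W_TARGET = [1.0, 0.2]
# Constructed samples: (features, label in {+1, -1}).
DATA = [([1.0, 0.5], 1), ([0.3, 0.2], 1), ([2.0, -0.5], 1), ([0.4, 1.0], 1),
        ([-1.0, -0.5], -1), ([-0.3, -0.1], -1), ([-2.0, 0.5], -1),
        ([-0.5, -1.0], -1)]

if __name__ == "__main__":
    for eps in (0.0, 0.8):
        wb, tr = transfer_report(W_SURROGATE, W_TARGET, DATA, eps)
        print(f"eps={eps}: white-box rate={wb:.2f}, transfer rate={tr:.2f}")
```

The gap between the white-box rate and the transfer rate at the same budget is the quantity the methods surveyed above try to close, and it is also the number to track when assessing how exposed a deployed model is to perturbations crafted elsewhere.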