تقرير
DANAA: Towards transferable attacks with double adversarial neuron attribution
| العنوان: | DANAA: Towards transferable attacks with double adversarial neuron attribution |
|---|---|
| المؤلفون: | Jin, Zhibo, Zhu, Zhiyu, Wang, Xinyi, Zhang, Jiayu, Shen, Jun, Chen, Huaming |
| سنة النشر: | 2023 |
| المجموعة: | Computer Science |
| مصطلحات موضوعية: | Computer Science - Computer Vision and Pattern Recognition |
| الوصف: | While deep neural networks have excellent results in many fields, they are susceptible to interference from attacking samples resulting in erroneous judgments. Feature-level attacks are one of the effective attack types, which targets the learnt features in the hidden layers to improve its transferability across different models. Yet it is observed that the transferability has been largely impacted by the neuron importance estimation results. In this paper, a double adversarial neuron attribution attack method, termed `DANAA', is proposed to obtain more accurate feature importance estimation. In our method, the model outputs are attributed to the middle layer based on an adversarial non-linear path. The goal is to measure the weight of individual neurons and retain the features that are more important towards transferability. We have conducted extensive experiments on the benchmark datasets to demonstrate the state-of-the-art performance of our method. Our code is available at: https://github.com/Davidjinzb/DANAA Comment: Accepted by 19th International Conference on Advanced Data Mining and Applications. (ADMA 2023) |
| نوع الوثيقة: | Working Paper |
| URL الوصول: | http://arxiv.org/abs/2310.10427 |
| رقم الأكسشن: | edsarx.2310.10427 |
| قاعدة البيانات: | arXiv |
| الوصف غير متاح. |