File Download
There are no files associated with this item.
Supplementary
-
Citations:
- Scopus: 0
- Appears in Collections:
Conference Paper: MAKING SUBSTITUTE MODELS MORE BAYESIAN CAN ENHANCE TRANSFERABILITY OF ADVERSARIAL EXAMPLES
| Title | MAKING SUBSTITUTE MODELS MORE BAYESIAN CAN ENHANCE TRANSFERABILITY OF ADVERSARIAL EXAMPLES |
|---|---|
| Authors | |
| Issue Date | 2023 |
| Citation | 11th International Conference on Learning Representations, ICLR 2023, 2023 How to Cite? |
| Abstract | The transferability of adversarial examples across deep neural networks (DNNs) is the crux of many black-box attacks.Many prior efforts have been devoted to improving the transferability via increasing the diversity in inputs of some substitute models.In this paper, by contrast, we opt for the diversity in substitute models and advocate to attack a Bayesian model for achieving desirable transferability.Deriving from the Bayesian formulation, we develop a principled strategy for possible finetuning, which can be combined with many off-the-shelf Gaussian posterior approximations over DNN parameters.Extensive experiments have been conducted to verify the effectiveness of our method, on common benchmark datasets, and the results demonstrate that our method outperforms recent state-of-the-arts by large margins (roughly 19% absolute increase in average attack success rate on ImageNet), and, by combining with these recent methods, further performance gain can be obtained.Our code: https://github.com/qizhangli/MoreBayesian-attack. |
| Persistent Identifier | http://hdl.handle.net/10722/347053 |
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Li, Qizhang | - |
| dc.contributor.author | Guo, Yiwen | - |
| dc.contributor.author | Zuo, Wangmeng | - |
| dc.contributor.author | Chen, Hao | - |
| dc.date.accessioned | 2024-09-17T04:15:00Z | - |
| dc.date.available | 2024-09-17T04:15:00Z | - |
| dc.date.issued | 2023 | - |
| dc.identifier.citation | 11th International Conference on Learning Representations, ICLR 2023, 2023 | - |
| dc.identifier.uri | http://hdl.handle.net/10722/347053 | - |
| dc.description.abstract | The transferability of adversarial examples across deep neural networks (DNNs) is the crux of many black-box attacks.Many prior efforts have been devoted to improving the transferability via increasing the diversity in inputs of some substitute models.In this paper, by contrast, we opt for the diversity in substitute models and advocate to attack a Bayesian model for achieving desirable transferability.Deriving from the Bayesian formulation, we develop a principled strategy for possible finetuning, which can be combined with many off-the-shelf Gaussian posterior approximations over DNN parameters.Extensive experiments have been conducted to verify the effectiveness of our method, on common benchmark datasets, and the results demonstrate that our method outperforms recent state-of-the-arts by large margins (roughly 19% absolute increase in average attack success rate on ImageNet), and, by combining with these recent methods, further performance gain can be obtained.Our code: https://github.com/qizhangli/MoreBayesian-attack. | - |
| dc.language | eng | - |
| dc.relation.ispartof | 11th International Conference on Learning Representations, ICLR 2023 | - |
| dc.title | MAKING SUBSTITUTE MODELS MORE BAYESIAN CAN ENHANCE TRANSFERABILITY OF ADVERSARIAL EXAMPLES | - |
| dc.type | Conference_Paper | - |
| dc.description.nature | link_to_subscribed_fulltext | - |
| dc.identifier.scopus | eid_2-s2.0-85163347277 | - |