Code for our method "Transferable Structural Sparse Adversarial Attack Via Exact Group Sparsity Training (CVPR 2024)" is released!
Transferable Structural Sparse Adversarial Attack Via Exact Group Sparsity Training
Di Ming, Peng Ren, Yunlong Wang, Xin Feng*; Proceedings of the IEEE/CVF International Conference on Computer Vision and Pattern Recognition (CVPR), 2024, pp. xxxx-xxxx.
Abstract
Deep neural networks (DNNs) are vulnerable to highly transferable adversarial attacks. Especially, many studies have shown that sparse attacks pose a significant threat to DNNs on account of their exceptional imperceptibility. Current sparse attack methods mostly limit only the magnitude and number of perturbations while generally overlooking the location of the perturbations, resulting in decreased performances on attack transferability. A subset of studies indicates that perturbations existing in the significant regions with rich classification-relevant features are more effective. Leveraging this insight, we introduce the structural sparsity constraint in the framework of generative models to limit the perturbation positions. To ensure that the perturbations are generated towards classification-relevant regions, we propose an exact group sparsity training method to learn pixel-level and group-level sparsity. For purpose of improving the effectiveness of sparse training, we further put forward masked quantization network and multi-stage optimization algorithm in the training process. Utilizing CNNs as surrogate models, extensive experiments demonstrate that our method has higher transferability in image classification attack compared to state-of-the-art methods at approximately same sparsity levels. In cross-model ViT, object detection, and semantic segmentation attack tasks, we also achieve a better attack success rate. Code is available at https://github.com/MisterRpeng/EGS-TSSA.
Related Material
[html] [paper] [supp] [code] [poster] [video]
Citation
@InProceedings{CVPR24_EGS_TSSA,
author = {Ming, Di and Peng, Ren and Wang, Yunlong and Feng, Xin},
title = {Transferable Structural Sparse Adversarial Attack Via Exact Group Sparsity Training},
booktitle = {Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)},
month = {June},
year = {2024},
pages = {24696-24705}
}
*Corresponding Author: Xin Feng