Improving adversarial transferability via feature translation특징맵 평행이동을 통한 적대적 전이성의 향상
Deep Neural Networks (DNNs) are vulnerable to adversarial examples, which are crafted to cause the model to make wrong predictions. In real-world scenario, since adversary cannot access to target models, black-box attack has attracted great attention. Among them, many studies have been conducted on transfer-based attacks because they can effectively attack unknown target model. However, transfer-based attacks often fail to fool other models which have slightly different activation maps because adversarial examples tend to overfit to the source model. To alleviate this problem, we introduce Feature Translation Attack (FTA), which applies translation on intermediate features during optimization process. Specifically, FTA generates a new adversarial example whose feature is similar to the ensemble of translated features from the existing adversarial example. We achieved better performance than state-of-the-art methods in extensive experiments.
- Advisors
- Kim, Changickresearcher; 김창익researcher
- Description
- 한국과학기술원 :전기및전자공학부,
- Publisher
- 한국과학기술원
- Issue Date
- 2023
- Identifier
- 325007
- Language
- eng
- Description
학위논문(석사) - 한국과학기술원 : 전기및전자공학부, 2023.2,[iii, 22 p. :]
- Keywords
적대적 공격▼a적대적 예제▼a전이성 기반 공격; Adversarial attack▼aadversarial example▼atransfer-based attack
- Appears in Collection
- EE-Theses_Master(석사논문)
- Files in This Item
- There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.