Improving transferability of universal adversarial perturbations with dual random transformations

Convolutional Neural Network (CNN) models have achieved state-of-the-art performance in various computer vision tasks. However, it has been shown that there exist adversarial perturbations that can fool CNN classifiers when added to an input image while remaining almost imperceptible to human eyes. It was subsequently shown that there also exist malicious universal adversarial perturbations, which are image-agnostic and can fool CNN classifiers when added to any input image. In most real-world cases, attackers cannot access the target model. Therefore, most attacks are performed under black-box settings, where attackers rely on transferability. We therefore propose a new method that increases the attack success rate of a universal adversarial perturbation (UAP) under black-box settings by conducting Dual Random Transformations (DRT). We improved the transferability of universal adversarial perturbations by applying different random transformations to the input images and to the universal adversarial perturbation. DRT showed remarkable performance improvement under black-box settings compared to applying the same transformation to the images and the perturbation. The DRT method also demonstrated improved transferability when combined with the MI, TI, and SI methods.
Advisors
김창익
Description
Korea Advanced Institute of Science and Technology (KAIST): School of Electrical Engineering
Publisher
Korea Advanced Institute of Science and Technology (KAIST)
Issue Date
2024
Identifier
325007
Language
eng
Description

Thesis (Master's) - Korea Advanced Institute of Science and Technology (KAIST): School of Electrical Engineering, 2024.2, [iv, 30 p.]

Keywords

Adversarial Attacks; Universal Adversarial Perturbations; Transferability

URI
http://hdl.handle.net/10203/321636
Link
http://library.kaist.ac.kr/search/detail/view.do?bibCtrlNo=1097208&flag=dissertation
Appears in Collection
EE-Theses_Master (Master's theses)
Files in This Item
There are no files associated with this item.