| Title |
An Image Warping Method for Improving the Transferability of Adversarial Attacks |
| Authors |
손민지(Minji Son) ; 권명준(Myung-Joon Kwon) ; 조승주(Seungju Cho) ; 김창익(Changick Kim) |
| DOI |
https://doi.org/10.5573/ieie.2022.59.10.152 |
| Keywords |
Adversarial attack; Transfer-based attack; Transferability; Image warping; Elastic transformation |
| Abstract |
Convolutional neural networks have achieved remarkable success in computer vision fields, but they are vulnerable to adversarial examples with imperceptible perturbations. This vulnerability may cause severe social problems when neural networks are deployed in a safety-critical and security-sensitive real-world environment. Thus, adversarial attacks are being actively studied to diagnose weak points of the networks and fix them before deployment. When access to the target network is limited, the attacker craft adversarial examples using their local source model and expect these images to remain adversarial to the target model. To improve the transferability of this kind of attack, various input transformation-based methods have been proposed. However, previous studies achieved limited transferability because they apply the same transformation to each pixel. Therefore, this paper proposes a new method of moving each pixel in various directions using elastic transformation. This prevents the generated adversarial examples from overfitting the source model and hence increases the transferability. Experiments show that adversarial examples crafted using the elastic transformation achieve much higher transferability compared to previous input transformation-based methods. |