GE-AdvGAN: Improving the transferability of adversarial samples by gradient editing-based adversarial generative model

作     者：Zhu, Zhiyu Chen, Huaming Wang, Xinyi Zhang, Jiayu Jin, Zhibo Choo, Kim-Kwang Raymond Shen, Jun Yuan, Dong 

作者机构：The School of Electrical and Computer Engineering The University of Sydney Australia The University of Malaya Malaysia Suzhou Yierqi China The Department of Information Systems and Cyber Security The University of Texas at San Antonio United States University of Wollongong Australia 

出 版 物：《arXiv》 (arXiv)

年 卷 期：2024年

核心收录：

主　　题：Generative adversarial networks 

摘      要：Adversarial generative models, such as Generative Adversarial Networks (GANs), are widely applied for generating various types of data, i.e., images, text, and audio. Accordingly, its promising performance has led to the GAN-based adversarial attack methods in the white-box and black-box attack scenarios. The importance of transferable black-box attacks lies in their ability to be effective across different models and settings, more closely aligning with real-world applications. However, it remains challenging to retain the performance in terms of transferable adversarial examples for such methods. Meanwhile, we observe that some enhanced gradient-based transferable adversarial attack algorithms require prolonged time for adversarial sample generation. Thus, in this work, we propose a novel algorithm named GE-AdvGAN to enhance the transferability of adversarial samples whilst improving the algorithm’s efficiency. The main approach is via optimising the training process of the generator parameters. With the functional and characteristic similarity analysis, we introduce a novel gradient editing (GE) mechanism and verify its feasibility in generating transferable samples on various models. Moreover, by exploring the frequency domain information to determine the gradient editing direction, GE-AdvGAN can generate highly transferable adversarial samples while minimizing the execution time in comparison to the state-of-the-art transferable adversarial attack algorithms. The performance of GE-AdvGAN is comprehensively evaluated by large-scale experiments on different datasets, which results demonstrate the superiority of our algorithm. The code for our algorithm is available at: https://***/LMBTough/GE-advGAN. Copyright © 2024, The Authors. All rights reserved.