
# Towards Transferable Unrestricted Adversarial Examples with Minimum Changes

Transfer-based adversarial example is one of the most important classes of black-box attacks. However, there is a trade-off between transferability and imperceptibility of the adversarial perturbation. Prior work in this direction often requires a fixed but large $\ell_p$-norm perturbation budget to reach a good transfer success rate, leading to perceptible adversarial perturbations. On the other hand, most of the current unrestricted adversarial attacks that aim to generate semantic-preserving perturbations suffer from weaker transferability to the target model. In this work, we propose a geometry-aware framework to generate transferable adversarial examples with minimum changes. Analogous to model selection in statistical machine learning, we leverage a validation model to select the optimal perturbation budget for each image under both the $\ell_{\infty}$-norm and unrestricted threat models. Extensive experiments verify the effectiveness of our framework on balancing imperceptibility and transferability of the crafted adversarial examples. The methodology is the foundation of our entry to the CVPR'21 Security AI Challenger: Unrestricted Adversarial Attacks on ImageNet, in which we ranked 1st place out of 1,559 teams and surpassed the runner-up submissions by 4.59% and 23.91% in terms of final score and average image quality level, respectively. Code is available at https://github.com/Equationliu/GA-Attack.
