Sharpness-Aware Optimization for Real-World Adversarial Attacks for Diverse Compute Platforms with Enhanced Transferability

Muchao Ye; Xiang Xu; Qin Zhang; Jonathan Wu

doi:10.1109/CVPRW63382.2024.00299

Back

Conference proceeding

Sharpness-Aware Optimization for Real-World Adversarial Attacks for Diverse Compute Platforms with Enhanced Transferability

Muchao Ye, Xiang Xu, Qin Zhang and Jonathan Wu

2024 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops (CVPRW), pp.2937-2946

06/17/2024

DOI: 10.1109/CVPRW63382.2024.00299

View Online

Abstract

In recent years, deep neural networks (DNNs) have become integral to many real-world applications. A pressing concern in these deployments pertains to their vulnerability to adversarial attacks. In this work, we focus on the transferability of adversarial examples in a real-world deployment setting involving both a cloud model and an edge model. The cloud model is a black-box victim model, while the edge model is a surrogate model that is fully accessible to users. We investigated scenarios where attackers leverage information from the known surrogate model to generate adversarial examples to attack the unknown black-box victim model. Existing methods often optimize the adversarial example generation based on the steepest gradients estimated from the surrogate model, which do not generalize effectively to the victim model. To better gauge the for real-world adversarial risks in a cloud-edge deployment setting, we proposed an novel attack mechanism that enhanced transferability by incorporating a sharpness-aware objective into the optimization process. Our evaluation on image classification benchmarks demonstrates that our method significantly improves adversarial example's transferability, even on the foundational computer vision models such as OFA-Large, showcasing its potential as a new standard in assessing attack transferability within a cloud-edge hybrid deployment scenario.

Computer Vision

Pattern Recognition

Artificial neural networks

Closed box

Computational modeling

Perturbation methods

Pressing

Details

Title: Subtitle: Sharpness-Aware Optimization for Real-World Adversarial Attacks for Diverse Compute Platforms with Enhanced Transferability
Creators: Muchao Ye - Amazon
Xiang Xu - Amazon
Qin Zhang - Amazon
Jonathan Wu - Amazon
Resource Type: Conference proceeding
Publication Details: 2024 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops (CVPRW), pp.2937-2946
Publisher: IEEE
DOI: 10.1109/CVPRW63382.2024.00299
eISSN: 2160-7516
Language: English
Date published: 06/17/2024
Academic Unit: Computer Science
Record Identifier: 9984721139102771

Metrics

3 Record Views