Improving adversarial transferability via model alignment

Conference item

Neural networks are susceptible to adversarial perturbations that are transferable across different models. In this paper, we introduce a novel model alignment technique aimed at improving a given source model’s ability in generating transferable adversarial perturbations. During the alignment process, the parameters of the source model are fine-tuned to minimize an alignment loss. This loss measures the divergence in the predictions between the source model and another, independently trained model, referred to as the witness model. To understand the effect of model alignment, we conduct a geometric analysis of the resulting changes in the loss landscape. Extensive experiments on the ImageNet dataset, using a variety of model architectures, demonstrate that perturbations generated from aligned source models exhibit significantly higher transferability than those from the original source model. Our source code is available at https://github.com/averyma/model-alignment.

Authors: Ma, A; Farahmand, AM; Pan, Y; Gu, J; Torr, P

• Publication status: Published
• Peer review status: Peer reviewed
• Publisher: Springer
• Host title: Proceedings of the 18th European Conference on Computer Vision (ECCV 2024)
• Pages: 74–92
• Series: Lecture Notes in Computer Science
• Series number: 15120
• Publication date: 2024-10-31
• Acceptance date: 2024-07-01
• Event title: 18th European Conference on Computer Vision (ECCV 2024)
• Event location: Milan, Italy
• Event website: https://eccv.ecva.net/virtual/2024/index.html.
• Event start date: 2024-09-29
• Event end date: 2024-10-04
• DOI: 10.1007/978-3-031-73033-7_5
• EISSN: 1611-3349
• ISSN: 0302-9743
• Language: English