English

Meta Gradient Adversarial Attack

Computer Vision and Pattern Recognition 2021-08-11 v2

Abstract

In recent years, research on adversarial attacks has become a hot spot. Although current literature on the transfer-based adversarial attack has achieved promising results for improving the transferability to unseen black-box models, it still leaves a long way to go. Inspired by the idea of meta-learning, this paper proposes a novel architecture called Meta Gradient Adversarial Attack (MGAA), which is plug-and-play and can be integrated with any existing gradient-based attack method for improving the cross-model transferability. Specifically, we randomly sample multiple models from a model zoo to compose different tasks and iteratively simulate a white-box attack and a black-box attack in each task. By narrowing the gap between the gradient directions in white-box and black-box attacks, the transferability of adversarial examples on the black-box setting can be improved. Extensive experiments on the CIFAR10 and ImageNet datasets show that our architecture outperforms the state-of-the-art methods for both black-box and white-box attack settings.

Keywords

Cite

@article{arxiv.2108.04204,
  title  = {Meta Gradient Adversarial Attack},
  author = {Zheng Yuan and Jie Zhang and Yunpei Jia and Chuanqi Tan and Tao Xue and Shiguang Shan},
  journal= {arXiv preprint arXiv:2108.04204},
  year   = {2021}
}

Comments

13 pages, 2 figures, 12 tables. Accepted by ICCV2021

R2 v1 2026-06-24T04:57:39.752Z