基于注意力引导的动态步长投影攻击方法

Journal: Advances in Computer and Autonomous Intelligence Research DOI: 10.12238/acair.v3i3.15548

李啸宇

广州大学

Abstract

黑盒迁移攻击通过源模型生成对抗样本,诱导未知目标模型误分类,是提升模型安全性的重要手段。针对多步攻击易过拟合源模型、降低迁移性的难题,本文提出基于注意力引导的动态步长投影攻击方法。该方法结合攻击初期扰动的高迁移性特征,自适应调整步长以减少无效扰动,同时利用注意力机制将潜在扰动集中于模型敏感区域,提升攻击效率和跨模型迁移能力。实验表明,该方法在多个模型上均实现显著性能提升。

Keywords

对抗样本;黑盒;迁移攻击;注意力机制

References

[1] He K,Zhang X, Ren S,et al.Deep residual learning for image recognition[C].Proceedings of the IEEE conference on computer vision and pattern recognition,2016:770-778.
[2] Joshi A,Dabre R,Kanojia D,et al.Natural language proc essing for dialects of a language: A survey[J].ACM Computing Surveys,2025,57(6):1-37.
[3] Liu Y,Chen X,Liu C,et al.Delving into transferable adver sarial examples and black-box attacks[J].arXiv preprint arXiv: 1611.02770,2016.
[4] Szegedy C,Zaremba W,Sutskever I,et al.Intriguing prope rties of neural networks[J].arXiv preprint arXiv:1312.6199,2013.

Copyright © 2025 李啸宇

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License