论文标题
无头骑士:对转移学习模型的对抗性攻击
Headless Horseman: Adversarial Attacks on Transfer Learning Models
论文作者
论文摘要
转移学习有助于使用预训练的模型作为功能提取器来培训特定于任务的分类器。我们提出了一个针对此类分类器的可转移对抗性攻击的家庭,该家族无需访问分类头而产生。我们称这些\ emph {无头攻击}。我们首先使用\ textIt {仅}对受害者网络进行了成功的传输攻击。这激发了引入标签盲的对抗攻击。这种转移攻击方法不需要有关受害者的班级标签空间的任何信息。我们的攻击降低了在CIFAR10上训练的RESNET18的准确性超过40 \%。
Transfer learning facilitates the training of task-specific classifiers using pre-trained models as feature extractors. We present a family of transferable adversarial attacks against such classifiers, generated without access to the classification head; we call these \emph{headless attacks}. We first demonstrate successful transfer attacks against a victim network using \textit{only} its feature extractor. This motivates the introduction of a label-blind adversarial attack. This transfer attack method does not require any information about the class-label space of the victim. Our attack lowers the accuracy of a ResNet18 trained on CIFAR10 by over 40\%.
