Improving transferability of adversarial examples via Bayesian attacks (original) (raw)

Li, Qizhang, Guo, Yiwen, Yang, Xiaochen ORCID: https://orcid.org/0000-0002-9299-5951, Zuo, Wangmeng and Chen, Hao(2025) Improving transferability of adversarial examples via Bayesian attacks.IEEE Transactions on Circuits and Systems for Video Technology, (doi: 10.1109/TCSVT.2025.3609284) (Early Online Publication)

Abstract

The transferability of adversarial examples allows for the attack on unknown deep neural networks (DNNs), posing a serious threat to many applications and attracting great attention. In this paper, we improve the transferability of adversarial examples by incorporating the Bayesian formulation into both the model parameters and model input, enabling their joint diversification. We demonstrate that combination of Bayesian formulations for both the model input and model parameters yields significant improvements in transferability. By introducing advanced approximations of the posterior distribution over the model input, adversarial transferability achieves further enhancement, surpassing all state-of-the-arts when attacking without model fine-tuning. Additionally, we propose a principled approach to fine-tune model parameters within this Bayesian framework. Extensive experiments demonstrate that our method achieves a new state-of-the-art in transfer-based attacks, significantly improving the average success rate on ImageNet and CIFAR-10. We will make our code publicly available.

University Staff: Request a correction | Enlighten Editors: Update this record

Deposit and Record Details