Data-Free Universal Attack by Exploiting the Intrinsic Vulnerability of Deep Models
Authors: YangTian Yan, Jinyu Tian
AAAI 2025
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Remarkably, our method achieves highly competitive performance in attacking popular image classification deep models without using any image samples. We also evaluate the black-box attack performance of our method, showing that it matches the state-of-the-art baseline for data-free methods on models that conform to our theoretical framework. Experiments demonstrate that the attack success rate decreases by only 4% when the adversary has access to just 50% of the linear layers in the victim model. |
| Researcher Affiliation | Academia | Yang Tian Yan, Jinyu Tian* Faculty of Innovation Engineering, Macau University of Science and Technology EMAIL, EMAIL |
| Pseudocode | Yes | Algorithm 1: Algorithm for Our Proposed IntriUAP Method |
| Open Source Code | Yes | Code https://github.com/yyt0718/Intri Attack |
| Open Datasets | Yes | We benchmarked our method against the latest data-free and data-dependent UAPs on the ImageNet dataset. ... To effectively assess the attack performance of our method, we report the fooling ratio on the 50,000-image validation set from ImageNet ILSVRC2012 |
| Dataset Splits | Yes | To effectively assess the attack performance of our method, we report the fooling ratio on the 50,000-image validation set from ImageNet ILSVRC2012 |
| Hardware Specification | No | The paper does not provide specific hardware details (e.g., GPU models, CPU types, or memory specifications) used for running the experiments. |
| Software Dependencies | No | The paper does not specify any software dependencies with version numbers (e.g., specific libraries or programming language versions). |
| Experiment Setup | Yes | Initialization of IntriUAP. We consider the following initialization of our IntriUAP ξ described in Algorithm 1: 1. ImageNet Mean and Range prior... 2. Gaussian Distribution: We generated perturbations by sampling from a Gaussian distribution N(µ, σ²). In our experiments, µ was set to 0.45, with σ values of 0.1. 3. Uniform Distribution: We generated perturbations by sampling from a uniform distribution U(a, b). In our experiments, a was set to 0.40, b was set to 0.60. ... Finally, a clipping operation is applied to ensure that the ℓ -norm of ξ remains within the bound of 10. ... We employ the Adam optimizer combined with a StepLR scheduler. |