Exploring Frequencies via Feature Mixing and Meta-Learning for Improving Adversarial Transferability

arXiv:2405.03193v1 Announce Type: new
Abstract: Recent studies have shown that Deep Neural Networks (DNNs) are susceptible to adversarial attacks, with frequency-domain analysis underscoring the significance of high-frequency components in influencing model predictions. Conversely, targeting low-frequency components has been effective in enhancing attack transferability on black-box models. In this study, we introduce a frequency decomposition-based feature mixing method to exploit these frequency characteristics in both clean and adversarial samples. Our findings suggest that incorporating features of clean samples into adversarial features …

abstract adversarial adversarial attacks analysis arxiv attacks box components cs.cv domain feature improving low meta meta-learning networks neural networks predictions significance studies study targeting type via