Improving the Transferability of Adversarial Samples through Automatically Learning Augmentation Strategies from Data

The attackers cause the deep neural network (DNN) to misclassify the original image by adding perceptible perturbations, which brings security risks to deploying deep neural networks. Since the existing transfer-based attack algorithms overfit to the source model resulting in poor transferability of black-box attacks and data augmentation is one of the main methods to avoid overfitting the source model. We propose an auto-augmented transferable black-box attack method. Firstly, we set up a search space for data augmentation strategies, and then we use reinforcement learning to search for the best augmentation strategy automatically. We use the strategies to augment images that are used to compute gradients. Finally, we employ the fast gradient sign algorithm to generate adversarial examples. Extensive experiments on ImageNet show the superiority of our method to stateof-the-art baselines in attacking different undefended and defended models. © 2023, Femto Technique Co. All rights reserved.