DIB-UAP: enhancing the transferability of universal adversarial perturbation via deep information bottleneck

Significant structural differences in DNN-based object detectors hinders the transferability of adversarial attacks. Studies show that intermediate features extracted by the detector contain more model-independent information, and disrupting these features can enhance attack transferability across different detectors. However, the challenge lies in selecting crucial features that impact detection from redundant intermediate features. To address this issue, we introduce the Deep information bottleneck universal adversarial perturbation (DIB-UAP). DIB-UAP utilizes the deep information bottleneck to establish a link between intermediate features and model output, extracting crucial intermediate features and disrupting them to generate UAP with strong attack transferability. Additionally, we propose a data augmentation method, Scale & Tile, which effectively enhances the attack performance of UAP on medium and large-scale objects. Testing on two benchmark datasets with eight comparative methods across four black-box mainstream detectors has confirmed the attack transferability of DIB-UAP. Furthermore, practical utility validation of DIB-UAP has been conducted on a commercial object detection platform.