Adversarial generative models, such as Generative Adversarial Networks (GANs), are widely applied for generating various types of data, including images, text, and audio. Accordingly, their promising performance has led to GAN-based adversarial attack methods in white-box and black-box attack scenarios. The importance of transferable black-box attacks lies in their ability to be effective across different models and settings, more closely aligning with real-world applications. However, it remains challenging for such methods to retain performance in terms of transferable adversarial examples. Meanwhile, we observe that some enhanced gradient-based transferable adversarial attack algorithms require prolonged time for adversarial sample generation. Thus, in this work, we propose a novel algorithm named GE-AdvGAN to enhance the transferability of adversarial samples whilst improving the algorithm's efficiency. The main approach is to optimise the training process of the generator parameters. Using functional and characteristic similarity analysis, we introduce a novel gradient editing (GE) mechanism and verify its feasibility in generating transferable samples on various models. Moreover, by exploring frequency domain information to determine the gradient editing direction, GE-AdvGAN can generate highly transferable adversarial samples while minimizing execution time in comparison to state-of-the-art transferable adversarial attack algorithms. The performance of GE-AdvGAN is comprehensively evaluated by large-scale experiments on different datasets, whose results demonstrate the superiority of our algorithm. The code for our algorithm is available at: https://github.com/LMBTough/GE-advGAN