Adversarial generative models, such as Generative Adversarial Networks (GANs), are widely applied for generating various types of data, e.g., images, text, and audio. Their promising performance has led to GAN-based adversarial attack methods in white-box and black-box attack scenarios. Transferable black-box attacks are important because they can be effective across different models and settings, which aligns more closely with real-world applications. However, it remains challenging for such methods to retain their performance in terms of transferable adversarial examples. Meanwhile, we observe that some enhanced gradient-based transferable adversarial attack algorithms require a prolonged time for adversarial sample generation. Thus, in this work, we propose a novel algorithm named GE-AdvGAN to enhance the transferability of adversarial samples whilst improving the algorithm's efficiency. The main approach is to optimise the training process of the generator parameters. Based on a functional and characteristic similarity analysis, we introduce a novel gradient editing (GE) mechanism and verify its feasibility in generating transferable samples on various models. Moreover, by exploring frequency-domain information to determine the gradient editing direction, GE-AdvGAN can generate highly transferable adversarial samples while minimizing the execution time in comparison to state-of-the-art transferable adversarial attack algorithms. The performance of GE-AdvGAN is comprehensively evaluated through large-scale experiments on different datasets, the results of which demonstrate the superiority of our algorithm. The code for our algorithm is available at: https://github.com/LMBTough/GE-advGAN