Understanding adversarial examples is crucial for improving the model's robustness, as they introduce imperceptible perturbations that deceive models. Effective adversarial examples, therefore, offer the potential to train more robust models by removing their singularities. We propose NODE-AdvGAN, a novel approach that treats adversarial generation as a continuous process and employs a Neural Ordinary Differential Equation (NODE) for simulating the dynamics of the generator. By mimicking the iterative nature of traditional gradient-based methods, NODE-AdvGAN generates smoother and more precise perturbations that preserve high perceptual similarity when added to benign images. We also propose a new training strategy, NODE-AdvGAN-T, which enhances transferability in black-box attacks by effectively tuning noise parameters during training. Experiments demonstrate that NODE-AdvGAN and NODE-AdvGAN-T generate more effective adversarial examples that achieve higher attack success rates while preserving better perceptual quality than traditional GAN-based methods.