Increasing Transferability by Imposing Linearity and Perturbation in Intermediate Layer with Diverse Input Patterns

Abstract

Despite high prediction accuracy, deep neural networks are vulnerable to adversarial attacks, introduced by perturbations that humans may not even perceive. Hence, adversarial examples can mislead the trained networks. As a consequence, the security of such systems can get compromised. The process of generating adversarial examples can assist us in investigating the robustness of different models. Many developed adversarial attacks often fail under challenging black box settings. It is required to improve the success rate of misleading a network by adversarial examples crafted to trick another model. This phenomenon is known as transferability. In contrast to the existing methods, we propose to increase the rate of transferability by inducing linearity in a few intermediate layers of architecture. The proposed design does not disturb the original architecture much. The intermediate layers play significant roles in generating feature maps suitable for a task. Hence, by analyzing the feature maps of architecture, a particular layer can be perturbed more to improve the transferability. The performance is further enhanced by considering diverse input patterns. Experimental results demonstrate the success in increasing the transferability of our proposition.