Enhance Stealthiness and Transferability of Adversarial Attacks with Class Activation Mapping Ensemble Attack
Hui Xia
Network and Distributed System Security (NDSS) Symposium 2024 · Day 3 · ML Security & Privacy
This talk introduces the **Class Activation Mapping Ensemble Attack (CAM-EA)**, a novel adversarial attack method designed to significantly enhance the stealthiness and transferability of adversarial examples against Deep Neural Networks (DNNs). Presented by Hui Xia at the NDSS Symposium, the research addresses two critical shortcomings of existing adversarial attacks: their tendency to produce easily perceptible perturbations and their limited effectiveness, particularly in scenarios with a low number of attack iterations or when targeting unseen models (black-box attacks).