Towards Model Resistant to Transferable Adversarial Examples via Trigger Activation
Journal:
arXiv
Published Date:
Apr 20, 2025
Abstract
Adversarial examples, characterized by imperceptible perturbations, pose
significant threats to deep neural networks by misleading their predictions. A
critical aspect of these examples is their transferability, allowing them to
deceive unseen models in black-box scenarios. Despite the widespread
exploration of defense methods, including those on transferability, they show
limitations: inefficient deployment, ineffective defense, and degraded
performance on clean images. In this work, we introduce a novel training
paradigm aimed at enhancing robustness against transferable adversarial
examples (TAEs) in a more efficient and effective way. We propose a model that
exhibits random guessing behavior when presented with clean data
$\boldsymbol{x}$ as input, and generates accurate predictions when presented with
triggered data $\boldsymbol{x}+\boldsymbol{\tau}$. Importantly, the trigger
$\boldsymbol{\tau}$ remains constant for all data instances. We refer to these
models as models with trigger activation. We are surprised to find
that these models exhibit certain robustness against TAEs. By
considering first-order gradients, we provide a theoretical analysis of
this robustness. Moreover, through the joint optimization of the learnable
trigger and the model, we achieve improved robustness to transferable attacks.
Extensive experiments conducted across diverse datasets, evaluating a variety
of attack methods, underscore the effectiveness and superiority of our
approach.
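The behavioral contract described in the abstract, as an added illustration that is not code from the paper: a model that answers near-uniformly on clean $\boldsymbol{x}$ and accurately on $\boldsymbol{x}+\boldsymbol{\tau}$ with one constant trigger. The paper learns the trigger and the network jointly; here, as a simplifying assumption, a hand-built gate on the trigger direction and a nearest-centroid classifier stand in for the trained network, and the dataset, trigger dimension and gate steepness are constructed values. The example shows how to check the two properties, not the paper's training procedure or its robustness analysis.

```python
"""Toy illustration of 'trigger activation' (added example, not the paper's code).

The model is a gated nearest-centroid classifier: the gate is ~0 when the fixed
trigger tau is absent, so the logits collapse to ~0 and the softmax output is
near-uniform (random guessing); with tau present the gate is ~1 and the
classifier answers normally.  All data and constants below are constructed.
"""
import numpy as np

NUM_CLASSES = 3
DIM = 8
TRIGGER_DIM = DIM - 1       # constructed choice: the trigger lives in the last feature
TRIGGER_NORM = 3.0
GATE_SHARPNESS = 20.0       # hypothetical gate steepness; not from the paper

# The constant trigger tau shared by every input (the abstract's key property).
TAU = np.zeros(DIM)
TAU[TRIGGER_DIM] = TRIGGER_NORM


def make_clean_data(n_per_class, rng):
    """Constructed dataset: three Gaussian clusters separated in dims 0..5;
    the trigger dimension carries only noise for clean samples."""
    means = np.zeros((NUM_CLASSES, DIM))
    for c in range(NUM_CLASSES):
        means[c, 2 * c] = 2.0
        means[c, 2 * c + 1] = -2.0
    xs = [means[c] + 0.3 * rng.standard_normal((n_per_class, DIM))
          for c in range(NUM_CLASSES)]
    ys = [np.full(n_per_class, c) for c in range(NUM_CLASSES)]
    return np.vstack(xs), np.concatenate(ys)


def apply_trigger(x):
    """x + tau: the same trigger is added to every instance."""
    return x + TAU


def fit_centroids(x, y):
    """Nearest-centroid classifier fitted on clean data (a stand-in for the
    paper's trained network, chosen so the example needs no training loop)."""
    return np.stack([x[y == c].mean(axis=0) for c in range(NUM_CLASSES)])


def gate(x):
    """Hypothetical trigger detector: ~0 without the trigger, ~1 with it."""
    unit = TAU / np.linalg.norm(TAU)
    score = x @ unit                      # projection onto the trigger direction
    return 1.0 / (1.0 + np.exp(-GATE_SHARPNESS * (score - TRIGGER_NORM / 2)))


def predict_proba(centroids, x):
    """Gated model: logits are scaled by the gate, so without the trigger they
    collapse towards zero and the softmax returns a near-uniform distribution."""
    logits = x @ centroids.T - 0.5 * (centroids ** 2).sum(axis=1)
    logits = gate(x)[:, None] * logits
    logits -= logits.max(axis=1, keepdims=True)   # numerically stable softmax
    p = np.exp(logits)
    return p / p.sum(axis=1, keepdims=True)


def predict(centroids, x, rng):
    """Sample the label from the output distribution, so a uniform output
    really behaves like random guessing rather than a fixed tie-break."""
    p = predict_proba(centroids, x)
    return np.array([rng.choice(NUM_CLASSES, p=row) for row in p])


def evaluate(seed=0, n_per_class=100):
    """Check the two properties from the abstract on clean and triggered inputs."""
    rng = np.random.default_rng(seed)
    x_train, y_train = make_clean_data(n_per_class, rng)
    x_test, y_test = make_clean_data(n_per_class, rng)
    centroids = fit_centroids(x_train, y_train)
    clean_p = predict_proba(centroids, x_test)
    return {
        # chance-level accuracy and max-probability ~1/3 on clean data
        "clean_acc": float((predict(centroids, x_test, rng) == y_test).mean()),
        "clean_max_prob": float(clean_p.max(axis=1).mean()),
        # accurate predictions once the constant trigger is added
        "triggered_acc": float(
            (predict(centroids, apply_trigger(x_test), rng) == y_test).mean()),
    }


if __name__ == "__main__":
    print(evaluate())
```

Running `evaluate()` reports near-chance accuracy and a mean max-probability close to 1/3 on clean inputs, and near-perfect accuracy on the same inputs with tau added. Sampling the label from the output distribution (rather than taking an argmax over near-zero logits) is what makes the clean-input behavior genuinely random guessing, which is the property a practitioner would want to verify before relying on such a model.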