An Attention-Guided Dynamic Stride Projection Attack Framework

Authors

  • Yiming Chen, Hangzhou Anheng Information Technology Co., Ltd., Zhejiang Hangzhou 310000

Keywords:

Adversarial Attack, Black-Box Transferability, Dynamic Step-length, Attention Guidance, Model Security, Deep Learning

Abstract

Black-box transfer attacks represent a critical paradigm in adversarial machine learning, whereby adversarial examples crafted against a surrogate (source) model are deployed to deceive unknown target models. This approach serves as a vital tool for conducting security audits and enhancing the robustness of deep neural networks. A primary challenge, however, lies in the tendency of iterative attack methods to overfit the specific characteristics of the source model, thereby diminishing their cross-model transferability. To mitigate this issue, this paper proposes a novel Dynamic Step-length Projection Attack method based on Attention Guidance (DSP-Attack). The core of our method is twofold. First, it introduces a dynamic mechanism that adaptively adjusts the projection step size during the iterative perturbation generation process. This is motivated by the observation that initial perturbations often possess higher transferability; the proposed strategy thus prioritizes these early stages by employing a larger effective step size, while strategically curtailing potentially overfitting and ineffective perturbations in later iterations. Second, the method incorporates an attention guidance mechanism, derived from the source model's gradient-weighted class activation mapping, to focus the perturbation budget on regions that the model deems most salient for its predictions. This ensures that the adversarial modifications are applied to semantically meaningful and model-sensitive areas, thereby increasing the likelihood of the attack transferring to other architectures. Comprehensive experiments on the ImageNet dataset demonstrate the superior efficacy of our approach. The proposed DSP-Attack achieves significant performance improvements in transferability across a diverse set of target models, including ResNet, VGG, and DenseNet architectures, outperforming several state-of-the-art baseline methods. 
These findings affirm that jointly optimizing the attack trajectory via dynamic step-length control and spatial attention guidance is a potent strategy for crafting highly transferable adversarial examples.

Published

2025-10-31

How to Cite

Chen, Y. (2025). An Attention-Guided Dynamic Stride Projection Attack Framework. International Journal of Advance in Applied Science Research, 4(8), 16–20. Retrieved from https://h-tsp.com/index.php/ijaasr/article/view/121

Section

Articles