Enhancing the Transferability of Adversarial Attacks with Nesterov Accelerated Gradient and Input Transformation

Recently, black-box attacks that are produced by leveraging the transferability of adversarial examples have garnered considerable attention. Nonetheless, existing black-box attacks often overfit the source model, leading to a reduced success rate. Therefore, in this paper, we propose a data transformation technique to increase the attack performance of such attacks by bolstering their transferability. Our transformation method constitutes a loss-preserving transformation, which can be viewed as a model expansion strategy to alleviate overfitting. Furthermore, we incorporate the Nesterov accelerated gradient to optimize the searching process of the attack production procedure. Finally, comprehensive comparisons on the NISP 2017 dataset with existing methods reveal that our approach can significantly enhance the transferability of black-box attacks.