Improving the Transferability of Adversarial Examples with Image Affine Transformation

Abstract

Deep learning is widely regarded as a black-box technology. We all know its performance is very good, but we have limited understanding of why it is so good. At present, there are many researches on the interpretability of deep neural network. By studying adversarial example, we can understand the internal semantics of neural network and find the decision boundary with problems, which in turn helps to improve the robustness and performance of neural network and its interpretability. With the development of adversarial example research, more and more adversarial example generation methods are proposed. Although the attack from adversarial example poses a great security threat to the deep learning system, it can also be used as an effective tool to measure the robustness and reliability of the model, and the attack and defense are two mutually promoting processes. Therefore, how to generate adversarial example with stronger attack ability is worth further study. And this study proposes a method named Affine-Invariant Method, aimed to improve the transferability of adversarial examples in black-box environment.