Attacking Transformers with Feature Diversity Adversarial Perturbation

arXiv:2403.07942v1 Announce Type: new
Abstract: Understanding the mechanisms behind Vision Transformer (ViT), particularly its vulnerability to adversarial perturba tions, is crucial for addressing challenges in its real-world applications. Existing ViT adversarial attackers rely on la bels to calculate the gradient for perturbation, and exhibit low transferability to other structures and tasks. In this paper, we present a label-free white-box attack approach for ViT-based models that exhibits strong transferability to various black box models, including most ViT variants, CNNs, and MLPs, …

adversarial applications arxiv attackers challenges cs.cr cs.cv diversity feature low real transformers understanding vulnerability world