Enhancing the transferability of adversarial examples on vision transformers

The advancement of adversarial attack techniques, particularly against neural network architectures, is a crucial area of research in machine learning. Notably, the emergence of vision transformers (ViTs) as a dominant force in computer vision tasks has opened avenues for exploring their vulnerabilities. In this context, we introduce dual gradient optimization for adversarial transferability (DGO-AT), a comprehensive strategy designed to enhance the transferability of adversarial examples in ViTs. DGO-AT incorporates two innovative components: attention gradient smoothing (AGS) and multi-layer perceptron gradient random dropout (GRD-MLP). AGS targets the attention layers of ViTs to smooth gradients and reduce noise, focusing on global features for improved transferability. GRD-MLP, on the other hand, introduces stochasticity into MLP gradient updates, broadening the adversarial examples' applicability. The synergy of these strategies in DGO-AT addresses the unique structural aspects of ViTs, leading to more effective and transferable adversarial attacks. Our comprehensive evaluations of a variety of ViT and CNN models, using the ImageNet dataset, demonstrate that DGO-AT significantly enhances the effectiveness and transferability of attacks, thereby contributing to the ongoing discourse on the adversarial robustness of advanced neural network models. (c) 2024 SPIE and IS&T