Cross-Task Attack: A Self-Supervision Generative Framework Based on Attention Shift

Qingyuan Zeng,Yunpeng Gong,Min Jiang
2024-07-19
Abstract:Studying adversarial attacks on artificial intelligence (AI) systems helps discover model shortcomings, enabling the construction of a more robust system. Most existing adversarial attack methods only concentrate on single-task single-model or single-task cross-model scenarios, overlooking the multi-task characteristic of artificial intelligence systems. As a result, most of the existing attacks do not pose a practical threat to a comprehensive and collaborative AI system. However, implementing cross-task attacks is highly demanding and challenging due to the difficulty in obtaining the real labels of different tasks for the same picture and harmonizing the loss functions across different tasks. To address this issue, we propose a self-supervised Cross-Task Attack framework (CTA), which utilizes co-attention and anti-attention maps to generate cross-task adversarial perturbation. Specifically, the co-attention map reflects the area to which different visual task models pay attention, while the anti-attention map reflects the area that different visual task models neglect. CTA generates cross-task perturbations by shifting the attention area of samples away from the co-attention map and closer to the anti-attention map. We conduct extensive experiments on multiple vision tasks and the experimental results confirm the effectiveness of the proposed design for adversarial attacks.
Computer Vision and Pattern Recognition,Artificial Intelligence
What problem does this paper attempt to address?
The problem that this paper attempts to solve is that most of the existing adversarial attack methods focus on single - task scenarios and ignore the characteristics of multi - task artificial intelligence systems. Specifically: 1. **Limitations of Existing Adversarial Attack Methods**: - Most of the existing adversarial attack methods only focus on single - task single - model or single - task cross - model scenarios and fail to take into account the characteristics of multi - task collaboration. - These methods do not pose a real threat to comprehensive and collaborative AI systems in practical applications. 2. **Challenges of Cross - Task Attacks**: - Conducting cross - task attacks is very challenging because it is difficult to obtain the true labels of the same picture in different tasks and it is difficult to coordinate the loss functions between different tasks. - For example, in tasks such as image classification, object detection, and semantic segmentation, how to generate adversarial samples that can deceive multiple tasks simultaneously is a difficult problem. To solve these problems, the author proposes a self - supervised generation framework based on attention transfer (CTA, Cross - Task Attack), which uses the co - attention map and the anti - attention map to generate cross - task adversarial perturbations. Specifically: - The **co - attention map** reflects the areas of concern of different visual task models. - The **anti - attention map** reflects the areas ignored by different visual task models. By shifting the attention of samples from the co - attention map to the anti - attention map, CTA achieves cross - task attacks. This method does not require any task - specific loss functions or true labels, so it is more general and flexible. ### Main Contributions of the Paper 1. **Intuitive Analysis of Existing Methods**: - Analyzed the principles of existing single - task and cross - task attack methods and explained the reasons for their weak performance in cross - task scenarios. 2. **Introduction of the Concepts of Co - Attention and Anti - Attention**: - For the first time, applied the common attention of different visual tasks to adversarial attacks and proposed a self - supervised generation framework CTA, which achieves cross - task attacks by guiding image attention to areas ignored by various visual tasks. 3. **Experimental Verification**: - Conducted extensive experiments on multiple visual tasks, and the results show that CTA has a significant effect in adversarial attacks, especially excellent in object detection and semantic segmentation tasks. Through these innovations, CTA provides a new perspective to solve the problem of cross - task adversarial attacks and further promotes the development of the field of adversarial machine learning.