Abstract:Studying adversarial attacks on artificial intelligence (AI) systems helps discover model shortcomings, enabling the construction of a more robust system. Most existing adversarial attack methods only concentrate on single-task single-model or single-task cross-model scenarios, overlooking the multi-task characteristic of artificial intelligence systems. As a result, most of the existing attacks do not pose a practical threat to a comprehensive and collaborative AI system. However, implementing cross-task attacks is highly demanding and challenging due to the difficulty in obtaining the real labels of different tasks for the same picture and harmonizing the loss functions across different tasks. To address this issue, we propose a self-supervised Cross-Task Attack framework (CTA), which utilizes co-attention and anti-attention maps to generate cross-task adversarial perturbation. Specifically, the co-attention map reflects the area to which different visual task models pay attention, while the anti-attention map reflects the area that different visual task models neglect. CTA generates cross-task perturbations by shifting the attention area of samples away from the co-attention map and closer to the anti-attention map. We conduct extensive experiments on multiple vision tasks and the experimental results confirm the effectiveness of the proposed design for adversarial attacks.

What problem does this paper attempt to address?

The problem that this paper attempts to solve is that most of the existing adversarial attack methods focus on single - task scenarios and ignore the characteristics of multi - task artificial intelligence systems. Specifically: 1. **Limitations of Existing Adversarial Attack Methods**: - Most of the existing adversarial attack methods only focus on single - task single - model or single - task cross - model scenarios and fail to take into account the characteristics of multi - task collaboration. - These methods do not pose a real threat to comprehensive and collaborative AI systems in practical applications. 2. **Challenges of Cross - Task Attacks**: - Conducting cross - task attacks is very challenging because it is difficult to obtain the true labels of the same picture in different tasks and it is difficult to coordinate the loss functions between different tasks. - For example, in tasks such as image classification, object detection, and semantic segmentation, how to generate adversarial samples that can deceive multiple tasks simultaneously is a difficult problem. To solve these problems, the author proposes a self - supervised generation framework based on attention transfer (CTA, Cross - Task Attack), which uses the co - attention map and the anti - attention map to generate cross - task adversarial perturbations. Specifically: - The **co - attention map** reflects the areas of concern of different visual task models. - The **anti - attention map** reflects the areas ignored by different visual task models. By shifting the attention of samples from the co - attention map to the anti - attention map, CTA achieves cross - task attacks. This method does not require any task - specific loss functions or true labels, so it is more general and flexible. ### Main Contributions of the Paper 1. **Intuitive Analysis of Existing Methods**: - Analyzed the principles of existing single - task and cross - task attack methods and explained the reasons for their weak performance in cross - task scenarios. 2. **Introduction of the Concepts of Co - Attention and Anti - Attention**: - For the first time, applied the common attention of different visual tasks to adversarial attacks and proposed a self - supervised generation framework CTA, which achieves cross - task attacks by guiding image attention to areas ignored by various visual tasks. 3. **Experimental Verification**: - Conducted extensive experiments on multiple visual tasks, and the results show that CTA has a significant effect in adversarial attacks, especially excellent in object detection and semantic segmentation tasks. Through these innovations, CTA provides a new perspective to solve the problem of cross - task adversarial attacks and further promotes the development of the field of adversarial machine learning.

Cross-Task Attack: A Self-Supervision Generative Framework Based on Attention Shift

Enhancing Cross-task Transferability of Adversarial Examples Via Spatial and Channel Attention

Stealthy Multi-Task Adversarial Attacks

One-Shot Adversarial Attacks on Visual Tracking With Dual Attention

Towards cross-task universal perturbation against black-box object detectors in autonomous driving

Targeted Adversarial Attack against Deep Cross-modal Hashing Retrieval

Multi-Task Models Adversarial Attacks

Robust Superpixel-Guided Attentional Adversarial Attack

Adversarial Attacks on Hidden Tasks in Multi-Task Learning

Using Multiple Self-Supervised Tasks Improves Model Robustness

Attention, Please! Adversarial Defense via Activation Rectification and Preservation

Cross-shaped Adversarial Patch Attack

UCG: A Universal Cross-Domain Generator for Transferable Adversarial Examples

Cross-Modality Attack Boosted by Gradient-Evolutionary Multiform Optimization

Challenging AI+Camera Systems with Physical Adversarial Attacks

VQAttack: Transferable Adversarial Attacks on Visual Question Answering via Pre-trained Models

Time-aware and task-transferable adversarial attack for perception of autonomous vehicles

Push & Pull: Transferable Adversarial Examples With Attentive Attack

Imperceptible Adversarial Attack with Multi-granular Spatio-temporal Attention for Video Action Recognition

Attention Masks Help Adversarial Attacks to Bypass Safety Detectors

PG-Attack: A Precision-Guided Adversarial Attack Framework Against Vision Foundation Models for Autonomous Driving