UCG: A Universal Cross-Domain Generator for Transferable Adversarial Examples

Generating transferable adversarial examples is a challenging issue in adversarial attacks. Existing works on transferable adversarial examples generation mainly focus on models with similar architectures and trained on the same data domain. However, in practice, information such as the model architecture type and training data domain is unlikely to be revealed in deployed models. In this work, we introduce the Universal Cross-domain Generator (UCG), a pioneering framework for transferable adversarial examples that is the first to simultaneously address both cross-domain and cross-architecture challenges in adversarial attacks. The design of UCG is mainly inspired by two key observations. First, there exists some commonality in attention regions even when the structures of models are different. Second, there exists prevalent instability of intermediate-feature maps across cross-domain models. We accordingly design an attention transfer mechanism and a roughness abatement mechanism to enhance the cross-architecture and cross-domain transferability of the generated adversarial examples. Moreover, we propose an integrated transformation processing technique to improve the transferability of the generated adversarial examples under different transformations. Experimental results demonstrate that, compared with state-of-the-art solutions, UCG improves the average transferable attack success rate by 14.6%, 7.8%, and 7.9% in the cross-architecture task (convolutional neural networks (CNNs) to vision transformers (ViTs)), coarse-grained cross-domain tasks, and fine-grained cross-domain tasks, respectively.