Enhancing the Transferability of Adversarial Attacks through Dual-Frequency Domain Transforms and High-Frequency Gradient Guided
-
Abstract
Deep neural networks are susceptible to misclassification caused by subtle input perturbations. Adversarial sample attacks already achieve a very high success rate in white-box settings. However, the transferability of adversarial samples is poor because of the substantial differences between substitute models and victim models. To solve this problem, we propose an additional high-frequency gradient attack method based on frequency-domain transformation. First, we apply a transformation to the input data based on the DCT (Discrete Cosine Transform) and the DWT (Discrete Wavelet Transform). We enhance the models in the frequency domain, which diversifies the substitute models so that they better simulate a variety of victim models. Subsequently, we use the high-frequency image components to guide the gradient descent, thereby preventing overfitting and improving adversarial sample transferability. Our method is compatible with other adversarial methods, which can further increase the attack success rate. Extensive experiments on the ImageNet dataset confirm the effectiveness of our adversarial method. The success rate on several mainstream models exceeds that of state-of-the-art attack methods.