… ric called Gradient Similarity that allows us to capture the influence of training data on test
inputs. We show that Gradient Similarity behaves differently for normal and adversarial inputs, …

… the gradient-based attacks of the image classification task in this paper. Previous researches
focused more on the attack success rate of adversarial … similarity to measure the similarity …

… similarity constraints into the adversarial loss, our white-box attack produces more natural
adversarial … The adversarial distribution can be sampled efficiently to query different target …

… Similar with the process of training neural networks, the process of generating … a robust
adversarial attack, which we refer to as NI-FGSM (Nesterov Iterative Fast Gradient Sign Method). …

… gradient-based adversarial attack method. The main idea of MGAA is to generate the adversarial
ex… directions in metatrain and meta-test steps as similar as possible, which is consistent …

… method to generate adversarial examples, except that the true gradient ∇xf(x, … gradient can
remain higher cosine similarity with the true gradient, which facilitates the adversarial attacks …

… In principle, the adversarial attack exploits the gradient or statistical information to
generate … In this paper, we propose a similarity-based adversarial attack against FR-based …

… attack algorithms called momentum iterative gradient-based methods, in which we accumulate
gradients … We calculate the cosine similarity of two successive perturbations and show the …

… -box adversarial attack algorithm on text classification models, TextTricker, which can generate
targeted or non-targeted adversarial … In this way, we show the distribution of similarity to …

… the gradient relevance framework gives the attack a broader receptive scope, which enables
the crafted adversarial … similarity and the attacking performance, we adopted the average …