Transferable Adversarial Attacks on SAM and Its Downstream Models

by Song Xia, Wenhan Yang, Yi Yu, Xun Lin, Henghui Ding, Lingyu Duan, Xudong Jiang

First submitted to arXiv on: 26 Oct 2024

Categories

  • Main: Machine Learning (cs.LG)
  • Secondary: Cryptography and Security (cs.CR); Computer Vision and Pattern Recognition (cs.CV)


GrooveSquid.com Paper Summaries

GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!

High Difficulty Summary
Written by: Paper authors

Read the original abstract here

Medium Difficulty Summary
Written by: GrooveSquid.com (original content)

The paper investigates the threats that arise when large foundation models are fine-tuned for downstream tasks, since their open accessibility can enable adverse use. Specifically, it explores the feasibility of adversarially attacking various downstream models fine-tuned from the Segment Anything Model (SAM), using only information from the open-sourced SAM. The authors demonstrate that adversarial dangers exist even without access to the downstream task and dataset. They propose a universal meta-initialization (UMI) algorithm to extract the intrinsic vulnerability in the foundation model, which guides the generation of adversarial perturbations. Additionally, they formulate the gradient difference between the open-sourced SAM and its fine-tuned downstream models, demonstrating that deviation occurs during adversarial updates. The authors propose a gradient robust loss that simulates the associated uncertainty with gradient-based noise augmentation to enhance robustness against this deviation. Their proposed universal meta-initialized and gradient robust adversarial attack (UMI-GRAT) shows effectiveness in attacking SAMs and their downstream models.

Low Difficulty Summary
Written by: GrooveSquid.com (original content)

The paper looks at how using large foundational models for specific tasks can be a problem because they’re too easily accessible. Researchers fine-tune these models to make them better for certain jobs, but this makes them vulnerable to being used in bad ways. The scientists explore how to attack these fine-tuned models by only using the information from the open-source model. They find that there are dangers even without knowing the specific task or dataset. To make their attacks stronger, they come up with a new way to initialize the model and create perturbations. They also figure out how to make their attacks more robust against unexpected changes.

Keywords

  • Artificial intelligence
  • Fine tuning
  • SAM