Deep neural networks (DNNs) have been shown to be vulnerable to adversarial examples. Moreover, the transferability of the adversarial examples has received broad attention in recent years, which means that adversarial examples crafted by a surrogate model can also attack unknown models. This phenomenon gave birth to the transfer-based adversarial attacks, which aim to improve the transferability of the generated adversarial examples. In this paper, we propose to improve the transferability of adversarial examples in the transfer-based attack via masking unimportant parameters (MUP). The key idea in MUP is to refine the pretrained surrogate models to boost the transfer-based attack. Based on this idea, a Taylor expansion-based metric is used to evaluate the parameter importance score and the unimportant parameters are masked during the generation of adversarial examples. This process is simple, yet can be naturally combined with various existing gradient-based optimizers for generating adversarial examples, thus further improving the transferability of the generated adversarial examples. Extensive experiments are conducted to validate the effectiveness of the proposed MUP-based methods.

本文提出基于屏蔽无关参数（MUP）的方法来提高转移型对抗攻击中对抗样本的传递性。通过使用基于泰勒展开的评估参数重要性得分的度量方法，并在生成对抗样本时屏蔽不重要的参数来优化先前的代理模型，可以很好地改善传递对抗攻击。通过广泛的实验，可以验证提出的基于MUP的方法的有效性。

通过遮蔽无关参数来增强代理模型的对抗样本传递性能