Computer Science, 2026, Vol. 53, Issue (5): 426-434. doi: 10.11896/jsjkx.250600185

• Information Security •

Momentum Method with Monotonical Coordinate-wise Step-sizes for Adversarial Attacks

CHEN Jun1, TAO Wei2,3, BAO Lei1, TAO Qing1,4   

  1 Army Arms University of PLA, Hefei 230031, China
  2 Key Laboratory of Big Data and Decision-making, National University of Defense Technology (NUDT), Changsha 410073, China
  3 Academy of Military Science, Beijing 100091, China
  4 Hefei University of Technology, Hefei 238076, China
  • Received: 2025-06-26 Revised: 2025-09-22 Published: 2026-05-08
  • About author: CHEN Jun, born in 1989, postgraduate. His main research interests include machine learning and mathematical optimization.
    TAO Qing, born in 1965, Ph.D, professor, doctoral supervisor, is a senior member of CCF (No. 09081S). His main research interests include machine learning, pattern recognition and applied mathematics.
  • Supported by:
    National Natural Science Foundation of China (60903098, 62576351) and China Postdoctoral Science Foundation (General Program) (2024M764294).

Abstract: The generation of adversarial samples can be formulated as an optimization problem that maximizes the objective function of a model. Currently, strategies for solving the resulting problem rely primarily on sign-gradient or sign-momentum methods. However, these approaches sacrifice critical gradient and momentum direction information, which often leads to convergence issues and, in turn, to unstable adversarial attacks. Inspired by the convergence analysis of AMSGrad, this paper proposes a momentum method with monotonical coordinate-wise step-sizes (MCS-MI) based on MI-FGSM, which enforces monotonically decreasing coordinate-wise step-sizes. For general convex cases, MCS-MI is proved to attain an optimal convergence rate of O(1/T), where T is the number of iterations. Furthermore, enforcing monotonic coordinate-wise step-sizes is a general and efficient technique that can be integrated with existing momentum-based attack algorithms. Experimental comparisons with eight state-of-the-art adversarial attack methods on benchmark datasets demonstrate that the proposed approach not only exhibits superior stability but also significantly improves attack success rates, achieving maximum increases of 12.3% on CNN models and 5.9% on ViTs (Vision Transformers), respectively.

Key words: Machine learning, Adversarial attacks, Momentum, Sign-gradient, Convergence

CLC Number: TP391