Robust deep learning models have demonstrated significant applicability in real-world scenarios. The utilization of adversarial attacks plays a crucial role in assessing the robustness of these models. Among such attacks, transfer-based attacks, which leverage white-box models to generate adversarial examples, have garnered considerable attention. These transfer-based attacks have demonstrated remarkable efficiency, particularly under the black-box setting. Notably, existing transfer attacks often exploit input transformations to amplify their effectiveness. However, prevailing input transformation-based methods typically modify input images indiscriminately, overlooking regional disparities. To bolster the transferability of adversarial examples, we propose the Local Transformation Attack (LTA) based on forward class activation maps. Specifically, we first obtain future examples through accumulated momentum and compute forward class activation maps. Subsequently, we utilize these maps to identify crucial areas and apply pixel scaling for transformation. Finally, we update the adversarial examples by using the average gradient of the transformed image. Extensive experiments convincingly demonstrate the effectiveness of our proposed LTA. Compared to the current state-of-the-art attack approaches, LTA achieves an increase of 7.9% in black-box attack performance. Particularly, in the case of ensemble attacks, our method achieved an average attack success rate of 98.3%.

强大的深度学习模型在实际场景中表现出了重要的适用性。对抗性攻击的利用在评估这些模型的稳健性方面起着至关重要的作用。在此类攻击中，基于转移的攻击（利用白盒模型生成对抗性示例）引起了相当大的关注。这些基于传输的攻击已显示出非凡的效率，尤其是在黑盒设置下。值得注意的是，现有的传输攻击经常利用输入转换来放大其有效性。然而，流行的基于输入转换的方法通常会不加选择地修改输入图像，而忽略了区域差异。为了增强对抗性示例的可转移性，我们提出了基于前向类激活映射的局部转换攻击 （LTA）。具体来说，我们首先通过累积的动量获得未来的例子，并计算前向类激活图。随后，我们利用这些地图来识别关键区域并应用像素缩放进行转换。最后，我们使用转换后图像的平均梯度来更新对抗示例。广泛的实验令人信服地证明了我们提出的 LTA 的有效性。与当前最先进的攻击方法相比，LTA 的黑盒攻击性能提高了 7.9%。特别是在 ensemble 攻击的情况下，我们的方法实现了 98.3% 的平均攻击成功率。