SemDiff: Generating Natural Unrestricted Adversarial Examples via Semantic Attributes Optimization in Diffusion Models

--Unrestricted adversarial examples (UAEs), allow the attacker to create non-constrained adversarial examples without given clean samples, posing a severe threat to the safety of deep learning models. Recent works utilize diffusion models to generate UAEs. In light of this, we propose SemDiff, a novel unrestricted adversarial attack that explores the semantic latent space of diffusion models for meaningful attributes, and devises a multi-attributes optimization approach to ensure attack success while maintaining the naturalness and imperceptibility of generated UAEs. We perform extensive experiments on four tasks on three high-resolution datasets, including CelebA-HQ, AFHQ and ImageNet. The results demonstrate that SemDiff outperforms state-of-the-art methods in terms of attack success rate and imperceptibility. The generated UAEs are natural and exhibit semantically meaningful changes, in accord with the attributes' weights. In addition, SemDiff is found capable of evading different defenses, which further validates its effectiveness and threatening. EEP Neural Networks (DNNs) have achieved significant success in wide range of applications, such as image classification [1], face recognition [2], social recommendation [3], and machine translation [4]. However, a lot of research finds that deep learning models are vulnerable to adversarial attacks [5]-[18]. Traditional adversarial attacks try to generate adversarial examples to fool DNNs into wrong predictions by injecting imperceptible perturbations into clean samples [5]-[8]. This type of adversarial examples is called as perturbation-based adversarial examples [12], which pose a constraint on the perturbation magnitude [6]-[8]. Manuscript received April 6, 2025. Zeyu Dai, Shengcai Liu, Rui He, Jiahao Wu, Ning Lu and Ke Tang are with the Guangdong Provincial Key Laboratory of Brain-Inspired Intelligent Computation and Department of Computer Science and Engineering, Southern University of Science and Technology, Shenzhen 518055, China (e-mail: liusc3@sustech.edu.cn).