Conference item
Reliable evaluation of adversarial transferability
- Abstract:
- Adversarial examples (AEs) with small adversarial perturbations can mislead deep neural networks (DNNs) into wrong predictions. The AEs created on one DNN can also fool other networks. Over the last few years, the transferability of AEs has garnered significant attention as it is a crucial property for facilitating black-box attacks. Many approaches have been proposed to improve it, and the transferability of adversarial attacks across Convolutional Neural Networks (CNNs) is remarkably high, as attested by previous research. However, such evaluation methods are not reliable since all CNNs share some similar architectural biases. In this work, we re-evaluate 13 representative transferability-enhancing attack methods, testing on 18 popular models from 4 types of neural networks. Contrary to the prevailing belief, our re-evaluation revealed that the adversarial transferability across these diverse network types is notably diminished, and there is no single AE that can be transferred to all popular models. The transferability rank of previous attacking methods changes under our comprehensive evaluation. Based on our analysis, we propose a reliable benchmark including three evaluation protocols. We release our benchmark to facilitate future research, which includes code, model checkpoints, and evaluation protocols.
- Publication status:
- Published
- Peer review status:
- Peer reviewed
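The methodological point of the abstract (transfer measured only against targets that share the surrogate's inductive bias overstates an attack, and the ranking of attacks can change once other model families are in the target set) can be shown in miniature. The block below is an added example, not code from the paper or its released benchmark. It assumes a constructed toy setting: 2-D Gaussian blobs, a logistic-regression surrogate attacked with one-step FGSM, a same-family target (a second logistic regression trained on a disjoint half of the data) and a different-family target (k-nearest-neighbour, which has no gradients at all), an L-inf budget `EPS` chosen for this data, and a random-sign baseline attack with the same budget. The numbers it prints are those of the toy, not the paper's results.

```python
"""Measuring adversarial transferability across model families (pure Python).

Constructed toy setting, not the paper's benchmark: a logistic-regression
surrogate is attacked with FGSM, and the adversarial examples are replayed
against a same-family target and a different-family target. The protocol
question is which targets the attack is ranked on.
"""
import math
import random

EPS = 0.8                       # assumed L-inf budget for this toy data
_NOISE_RNG = random.Random(0)   # for the random-sign baseline attack


def make_data(n, seed):
    """Two Gaussian blobs, labels 0/1 (constructed sample data)."""
    rng = random.Random(seed)
    xs, ys = [], []
    for _ in range(n):
        y = rng.randint(0, 1)
        cx, cy = (1.5, 1.0) if y else (-1.5, -1.0)
        xs.append((cx + rng.gauss(0, 0.8), cy + rng.gauss(0, 0.8)))
        ys.append(y)
    return xs, ys


def sigmoid(z):
    """Numerically stable logistic function."""
    if z >= 0:
        return 1.0 / (1.0 + math.exp(-z))
    ez = math.exp(z)
    return ez / (1.0 + ez)


class LogReg:
    """Linear classifier; the only model whose gradients the attacker sees."""
    family = "linear"

    def __init__(self, seed):
        rng = random.Random(seed)
        self.w = [rng.uniform(-0.1, 0.1) for _ in range(2)]
        self.b = 0.0

    def fit(self, xs, ys, lr=0.05, epochs=100):
        for _ in range(epochs):
            for x, y in zip(xs, ys):
                g = sigmoid(self.logit(x)) - y           # dLoss/dlogit
                self.w = [wi - lr * g * xi for wi, xi in zip(self.w, x)]
                self.b -= lr * g
        return self

    def logit(self, x):
        return self.w[0] * x[0] + self.w[1] * x[1] + self.b

    def predict(self, x):
        return 1 if self.logit(x) > 0 else 0

    def input_grad(self, x, y):
        """Gradient of the cross-entropy loss with respect to the input."""
        g = sigmoid(self.logit(x)) - y
        return [g * wi for wi in self.w]


class KNN:
    """Instance-based classifier: a different inductive bias, no gradients."""
    family = "instance-based"

    def __init__(self, k=5):
        self.k = k

    def fit(self, xs, ys):
        self.xs, self.ys = xs, ys
        return self

    def predict(self, x):
        dists = sorted(((x[0] - a) ** 2 + (x[1] - b) ** 2, y)
                       for (a, b), y in zip(self.xs, self.ys))
        return 1 if sum(y for _, y in dists[:self.k]) * 2 > self.k else 0


def fgsm(surrogate, x, y, eps):
    """One-step L-inf attack: each coordinate moves eps along the loss-gradient sign."""
    return tuple(xi + eps * ((gi > 0) - (gi < 0))
                 for xi, gi in zip(x, surrogate.input_grad(x, y)))


def random_sign(surrogate, x, y, eps):
    """Baseline with the same budget but no gradient information."""
    return tuple(xi + eps * _NOISE_RNG.choice((-1, 1)) for xi in x)


def clean_error(model, xs, ys):
    return sum(model.predict(x) != y for x, y in zip(xs, ys)) / len(ys)


def evaluate(attacks, surrogate, targets, xs, ys, eps):
    """Per attack: adversarial error rate on every model, plus the fraction of
    samples whose adversarial version fools all models at once."""
    models = {"surrogate": surrogate, **targets}
    results = {}
    for name, attack in attacks.items():
        advs = [attack(surrogate, x, y, eps) for x, y in zip(xs, ys)]
        wrong = {m: [mdl.predict(a) != y for a, y in zip(advs, ys)]
                 for m, mdl in models.items()}
        results[name] = {
            "error": {m: sum(v) / len(ys) for m, v in wrong.items()},
            "fools_all": sum(all(w[i] for w in wrong.values())
                             for i in range(len(ys))) / len(ys),
        }
    return results


def rank_attacks(results, targets, families):
    """Rank attacks by mean transfer error over targets from the given families.
    Passing only the surrogate's own family is the narrow protocol the paper criticises."""
    chosen = [m for m, mdl in targets.items() if mdl.family in families]
    if not chosen:
        raise ValueError("no target belongs to the requested families")
    return sorted(results, key=lambda a: -sum(results[a]["error"][m] for m in chosen) / len(chosen))


def run_demo():
    train_x, train_y = make_data(200, seed=1)
    test_x, test_y = make_data(100, seed=2)
    # Surrogate and same-family target see disjoint halves of the training set.
    surrogate = LogReg(seed=3).fit(train_x[:100], train_y[:100])
    targets = {"linear-b": LogReg(seed=4).fit(train_x[100:], train_y[100:]),
               "knn": KNN(k=5).fit(train_x, train_y)}
    attacks = {"fgsm": fgsm, "random-sign": random_sign}
    results = evaluate(attacks, surrogate, targets, test_x, test_y, EPS)
    return surrogate, targets, test_x, test_y, results


if __name__ == "__main__":
    surrogate, targets, xs, ys, results = run_demo()
    for attack, r in results.items():
        print(attack, {m: round(e, 2) for m, e in r["error"].items()},
              "fools all:", round(r["fools_all"], 2))
    print("rank, linear targets only:", rank_attacks(results, targets, {"linear"}))
    print("rank, all families:", rank_attacks(results, targets, {"linear", "instance-based"}))
```

The property worth keeping from this toy is the shape of the report rather than its numbers: error per target family, the fraction of samples that fool every model (never larger than the weakest per-model error), and a ranking computed both on same-family targets and on the full set. For a linear surrogate, FGSM can only increase the surrogate's own error, so the white-box number is a ceiling that says nothing about the k-NN column.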
Access Document
- Files:
- Accepted manuscript (pdf, 419.7KB)
- Publisher copy:
- 10.1109/satml64287.2025.00049
Authors
- Publisher:
- IEEE
- Host title:
- 2025 IEEE Conference on Secure and Trustworthy Machine Learning (SaTML)
- Pages:
- 797-810
- Publication date:
- 2025-05-22
- Acceptance date:
- 2024-12-12
- Event title:
- 3rd IEEE Conference on Secure and Trustworthy Machine Learning (SaTML 2025)
- Event location:
- Copenhagen, Denmark
- Event website:
- https://satml.org/2025/
- Event start date:
- 2025-04-09
- Event end date:
- 2025-04-11
- EISBN:
- 9798331517113
- ISBN:
- 9798331517120
- Language:
- English
- Pubs id:
- 2127169
- Local pid:
- pubs:2127169
- Deposit date:
- 2025-08-06
Terms of use
- Copyright holder:
- IEEE
- Copyright date:
- 2025
- Rights statement:
- ©2025 IEEE.
- Notes:
- The author accepted manuscript (AAM) of this paper has been made available under the University of Oxford's Open Access Publications Policy, and a CC BY public copyright licence has been applied.
- Licence:
- CC Attribution (CC BY)