arXiv:2511.01240v1 Announce Type: new 
Abstract: Transferable attacks generate adversarial examples on surrogate models to fool unknown victim models, posing real-world threats and growing research interest. Despite focusing on flat losses for transferable adversarial examples, recent studies still fall into suboptimal regions, especially the flat-yet-sharp areas, termed as deceptive flatness. In this paper, we introduce a novel black-box gradient-based transferable attack from a perspective of dual-order information. Specifically, we feasibly propose Adversarial Flatness (AF) to the deceptive flatness problem and a theoretical assurance for adversarial transferability. Based on this, using an efficient approximation of our objective, we instantiate our attack as Adversarial Flatness Attack (AFA), addressing the altered gradient sign issue. Additionally, to further improve the attack ability, we devise MonteCarlo Adversarial Sampling (MCAS) by enhancing the inner-loop sampling efficiency. The comprehensive results on ImageNet-compatible dataset demonstrate superiority over six baselines, generating adversarial examples in flatter regions and boosting transferability across model architectures. When tested on input transformation attacks or the Baidu Cloud API, our method outperforms baselines.

تقدم دراسة جديدة نهجًا مبتكرًا لتعزيز فعالية الهجمات القابلة للتحويل في تعلم الآلة. من خلال معالجة مشكلة السطحية الخادعة، حيث يمكن أن تتعرض النماذج للخداع على الرغم من ظهورها القوي، تقدم هذه الأبحاث حلاً واعدًا لتوليد أمثلة عدائية يمكن أن تخدع نماذج ضحية غير معروفة. هذه التطورات مهمة لأنها لا تعمق فقط فهمنا للهجمات العدائية، ولكنها أيضًا تسلط الضوء على التحديات المستمرة لضمان أمان أنظمة تعلم الآلة.

Un nuevo estudio presenta un enfoque innovador para mejorar la efectividad de los ataques transferibles en el aprendizaje automático. Al abordar el problema de la planitud engañosa, donde los modelos pueden ser engañados a pesar de parecer robustos, esta investigación ofrece una solución prometedora para generar ejemplos adversariales que pueden engañar a modelos víctimas desconocidos. Este avance es significativo ya que no solo profundiza nuestra comprensión de los ataques adversariales, sino que también destaca los desafíos continuos para garantizar la seguridad de los sistemas de aprendizaje automático.

Une nouvelle étude présente une approche innovante pour améliorer l'efficacité des attaques transférables en apprentissage automatique. En abordant le problème de la platitude trompeuse, où les modèles peuvent être induits en erreur malgré une apparence robuste, cette recherche offre une solution prometteuse pour générer des exemples adversariaux capables de tromper des modèles victimes inconnus. Cette avancée est significative car elle approfondit notre compréhension des attaques adversariales tout en soulignant les défis persistants pour garantir la sécurité des systèmes d'apprentissage automatique.

A new study introduces an innovative approach to enhancing the effectiveness of transferable attacks in machine learning. By addressing the issue of deceptive flatness, where models can be misled despite appearing robust, this research offers a promising solution for generating adversarial examples that can fool unknown victim models. This advancement is significant as it not only deepens our understanding of adversarial attacks but also highlights the ongoing challenges in ensuring the security of machine learning systems.

Beyond Deceptive Flatness: Dual-Order Solution for Strengthening Adversarial Transferability

arXiv:2406.10090v2 Announce Type: replace 
Abstract: Thanks to their extensive capacity, over-parameterized neural networks exhibit superior predictive capabilities and generalization. However, having a large parameter space is considered one of the main suspects of the neural networks' vulnerability to adversarial example -- input samples crafted ad-hoc to induce a desired misclassification. Relevant literature has claimed contradictory remarks in support of and against the robustness of over-parameterized networks. These contradictory findings might be due to the failure of the attack employed to evaluate the networks' robustness. Previous research has demonstrated that depending on the considered model, the algorithm employed to generate adversarial examples may not function properly, leading to overestimating the model's robustness. In this work, we empirically study the robustness of over-parameterized networks against adversarial examples. However, unlike the previous works, we also evaluate the considered attack's reliability to support the results' veracity. Our results show that over-parameterized networks are robust against adversarial attacks as opposed to their under-parameterized counterparts.

أظهرت الشبكات العصبية ذات المعلمات الزائدة قدرات تنبؤية وتعميم محسنة، لكنها لا تزال عرضة للأمثلة العدائية

Las redes neuronales sobreparametrizadas han demostrado tener capacidades predictivas y de generalización mejoradas, pero siguen siendo vulnerables a ejemplos adversariales—muestras de entrada diseñadas para inducir una mala clasificación. Investigaciones recientes destacan los hallazgos contradictorios sobre la robustez de estas redes, sugiriendo que los métodos de evaluación para ataques adversariales pueden llevar a sobreestimaciones de su resistencia.

Les réseaux de neurones sur-paramétrés ont montré des capacités prédictives et de généralisation améliorées, mais restent vulnérables aux exemples adversariaux—des échantillons d'entrée conçus pour induire une mauvaise classification. Des recherches récentes soulignent les résultats contradictoires concernant la robustesse de ces réseaux, suggérant que les méthodes d'évaluation des attaques adversariales peuvent conduire à des surestimations de leur résilience.

Over-parameterized neural networks have been shown to possess enhanced predictive capabilities and generalization, yet they remain vulnerable to adversarial examples—input samples designed to induce misclassification. Recent research highlights the contradictory findings regarding the robustness of these networks, suggesting that the evaluation methods for adversarial attacks may lead to overestimations of their resilience.

Beyond Deceptive Flatness: Dual-Order Solution for Strengthening Adversarial Transferability

Was this article worth reading? Share it

Humanize AI

LucidQuery AI

GPTHumanizer

Blunge

GPTHuman

The Visualizer

Ready to build your own newsroom?