arXiv:2512.06185v1 Announce Type: new 
Abstract: Deep neural networks (DNNs) excel across image recognition tasks, yet continue to exhibit overconfidence on inputs that bear no resemblance to natural images. Revisiting the "fooling images" work introduced by Nguyen et al. (2015), we re-implement both CPPN-based and direct-encoding-based evolutionary fooling attacks on modern architectures, including convolutional and transformer classifiers. Our re-implementation confirm that high-confidence fooling persists even in state-of-the-art networks, with transformer-based ViT-B/16 emerging as the most susceptible--achieving near-certain misclassifications with substantially fewer queries than convolution-based models. We then introduce SPOOF, a minimalist, consistent, and more efficient black-box attack generating high-confidence fooling images. Despite its simplicity, SPOOF generates unrecognizable fooling images with minimal pixel modifications and drastically reduced compute. Furthermore, retraining with fooling images as an additional class provides only partial resistance, as SPOOF continues to fool consistently with slightly higher query budgets--highlighting persistent fragility of modern deep classifiers.

تكشف دراسة جديدة بعنوان 'SPOOF: Simple Pixel Operations for Out-of-Distribution Fooling' أن الشبكات العصبية العميقة (DNN) لا تزال تظهر ثقة مفرطة في تصنيف المدخلات التي لا تشبه الصور الطبيعية بشكل خاطئ. تعيد هذه الدراسة زيارة الصور المخادعة وتؤكد أن الهياكل الحديثة، وخاصة النموذج القائم على المحولات ViT-B/16، عرضة للغاية للتصنيفات الخاطئة مع استفسارات أقل مقارنة بالنماذج القائمة على الالتفاف.

Un nuevo estudio titulado 'SPOOF: Simple Pixel Operations for Out-of-Distribution Fooling' revela que las redes neuronales profundas (DNN) continúan mostrando una excesiva confianza en clasificar incorrectamente entradas que no se asemejan a imágenes naturales. La investigación revisita las imágenes engañosas y confirma que las arquitecturas modernas, en particular el modelo basado en transformadores ViT-B/16, son altamente susceptibles a clasificaciones erróneas con menos consultas en comparación con los modelos basados en convolución.

Une nouvelle étude intitulée 'SPOOF: Simple Pixel Operations for Out-of-Distribution Fooling' révèle que les réseaux de neurones profonds (DNN) continuent de montrer une trop grande confiance dans la classification erronée des entrées qui ne ressemblent pas à des images naturelles. La recherche revisite les images trompeuses et confirme que les architectures modernes, en particulier le modèle basé sur le transformateur ViT-B/16, sont très sensibles aux classifications erronées avec moins de requêtes par rapport aux modèles basés sur la convolution.

A new study titled 'SPOOF: Simple Pixel Operations for Out-of-Distribution Fooling' reveals that deep neural networks (DNNs) continue to show overconfidence in misclassifying inputs that do not resemble natural images. The research revisits fooling images and confirms that modern architectures, particularly the transformer-based ViT-B/16, are highly susceptible to misclassifications with fewer queries compared to convolution-based models.

SPOOF: Simple Pixel Operations for Out-of-Distribution Fooling

arXiv:2512.08061v1 Announce Type: cross 
Abstract: Scaling attention faces a critical bottleneck: the $\mathcal{O}(n^2)$ quadratic computational cost of softmax attention, which limits its application in long-sequence domains. While linear attention mechanisms reduce this cost to $\mathcal{O}(n)$, they typically rely on fixed random feature maps, such as random Fourier features or hand-crafted functions. This reliance on static, data-agnostic kernels creates a fundamental trade-off, forcing practitioners to sacrifice significant model accuracy for computational efficiency. We introduce \textsc{LUNA}, a kernelized linear attention mechanism that eliminates this trade-off, retaining linear cost while matching and surpassing the accuracy of quadratic attention. \textsc{LUNA} is built on the key insight that the kernel feature map itself should be learned rather than fixed a priori. By parameterizing the kernel, \textsc{LUNA} learns a feature basis tailored to the specific data and task, overcoming the expressive limitations of fixed-feature methods. \textsc{Luna} implements this with a learnable feature map that induces a positive-definite kernel and admits a streaming form, yielding linear time and memory scaling in the sequence length. Empirical evaluations validate our approach across diverse settings. On the Long Range Arena (LRA), \textsc{Luna} achieves state-of-the-art average accuracy among efficient Transformers under compute parity, using the same parameter count, training steps, and approximate FLOPs. \textsc{Luna} also excels at post-hoc conversion: replacing softmax in fine-tuned BERT and ViT-B/16 checkpoints and briefly fine-tuning recovers most of the original performance, substantially outperforming fixed linearizations.

تم تقديم آلية انتباه خطية جديدة تُدعى LUNA، والتي تعالج عنق الزجاجة الحاسوبي لآلية الانتباه softmax التقليدية، التي تعمل بتكلفة تربيعية. تحقق LUNA تكلفة خطية مع الحفاظ على دقة تعادل أو تتجاوز دقة الانتباه التربيعي من خلال تعلم خريطة ميزات النواة المخصصة للبيانات والمهام المحددة.

Se ha introducido un nuevo mecanismo de atención lineal llamado LUNA, que aborda el cuello de botella computacional de la atención softmax tradicional, que opera a un costo cuadrático. LUNA logra un costo lineal mientras mantiene o supera la precisión de la atención cuadrática al aprender el mapa de características del núcleo adaptado a datos y tareas específicas.

Un nouveau mécanisme d'attention linéaire nommé LUNA a été introduit, abordant le goulot d'étranglement computationnel de l'attention softmax traditionnelle, qui fonctionne à un coût quadratique. LUNA atteint un coût linéaire tout en maintenant ou en dépassant la précision de l'attention quadratique en apprenant la carte de caractéristiques du noyau adaptée à des données et tâches spécifiques.

A new linear attention mechanism named LUNA has been introduced, addressing the computational bottleneck of traditional softmax attention, which operates at a quadratic cost. LUNA achieves linear cost while maintaining or exceeding the accuracy of quadratic attention by learning the kernel feature map tailored to specific data and tasks.

SPOOF: Simple Pixel Operations for Out-of-Distribution Fooling

Was this article worth reading? Share it

WasItAI

Humanize AI

GPTHumanizer